Craig Peterson's Tech Talk


ClearChannel Radio's Number One Weekend Tech Show in the Boston Market -- More Than 20,000,000 Podcast Downloads! Craig interviews top industry insiders and explains the technology secrets everyone needs to know. www.CraigPeterson.com

Craig Peterson


    • Jun 26, 2022 LATEST EPISODE
    • every other week NEW EPISODES
    • 17m AVG DURATION
    • 1,261 EPISODES



    Latest episodes from Craig Peterson's Tech Talk

    Been to a Hospital Website Lately? Facebook May Have Your Personal Information!

    Jun 26, 2022 85:29

    Hey, Facebook isn't the only company doing this, but there's an article from The Markup. They did a study and caught Facebook. This is absolutely crazy -- receiving sensitive medical information. We're gonna talk about that right now. [Automated transcript follows] This is really concerning for a lot of people. And, and for good reason, frankly, I've been talking about this. [00:00:22] I, I think the first time I talked about it was over a decade ago and it has to do with what are called pixels. Now, marketers obviously want to show you ads and they want to show you ads based on your interest. And frankly, as a consumer, if I'm looking for a new F one. I wouldn't mind seeing ads from competing car dealers or, you know, used car places, et cetera, to try and sell me that Ford truck. [00:00:53] It makes sense, right? If I'm looking for shoes, why not show me ads for shoes, but what happens when we start talking about the medical business, about the legal business? Things get murky and people get very upset. You see the way these pixels work is you'll put a pixel, like for instance, a Facebook pixel. [00:01:15] If you go to CraigPeterson.com, I've got this pixel on there from Facebook. And what it allows me to do now is retarget Facebook users. So you go to my site to go to a page on my site, and this is true for, uh, pretty much every website out there. And I know that you went and you were looking for this, so I can retarget you in an ads. [00:01:37] I'll show you an ad. In other words, on Facebook now I've never actually done that ever. Uh, I I'm like the world's worst marketer, frankly. Uh, and, uh, but I do have that on there because it gives me some other numbers, statistics, and, and really helps you to understand how the website's being used, which I think makes a whole lot of sense. [00:01:58] So there are marketers that are using this for obvious reasons.
Now, I think you understand what the pixel is. It is literally a little picture that is one pixel by one pixel, and it tends to blend in, I think even in most cases, now these pixels from different places like Facebook are actually transparent. [00:02:19] So you, you don't even see it on the page, but the idea is now they have a foothold on a website that doesn't belong to them. In this case, Facebook now has access to information about a website that you visited that has nothing to do with Facebook. Okay. So that's the basics of how these pixels work and they're almost impossible to get rid of because in reality, many websites, mine included will even grab graphics from other websites just because you know, it it's, I'm quoting another article I pull in their graphic. [00:03:00] Of course, I'm gonna point to that other site. Why would I take that picture? Put it on my site. I don't own the rights to it. But if he'll let me that other website will, let me go ahead and show that graphic on my website, cuz there's ways to restrict it. If they don't want me doing that, they could stop me from doing it. [00:03:18] Then I I'm going to just go to the original website so they can get the credit for it's their property still. I'm not violating any copyright laws, et cetera. Does that make sense to. So what's the difference between the Facebook pixel and a picture I'm pulling from another random website? Well, the obvious thing is it's coming from a Facebook domain of some sort. [00:03:40] So, so there are ways to stop it, but there's just as many ways to get around stopping it, frankly. Well, let's move on to something a little more sensitive. We have had problems that I reported on years ago of people going to an emergency room in a hospital. Now, when you're in that emergency room, your phone has GPS capabilities still. [00:04:06] It knows you went in the emergency entrance to the hospital and you are opening it up.
Maybe you're looking around, maybe you're reading articles, maybe you're plotting your trip home using Google Maps. You are being tracked depending on what apps you have on your phone. If you have an Android versus an iPhone, what you've enabled, what you haven't enabled. [00:04:29] Right? All of that sort of stuff. Well, this now has become a problem because as I reported there have been people who went to the hospital, went to the emergency room and started seeing ads from what you might call ambulance-chasing lawyers. Have you been injured? Is it someone else's fault? Call me right now. [00:04:54] Do he cheat him in. If that sort of thing showed up on your phone, would you get a little upset, a little nervous saying, what are they doing, trying to cash in on, on my pain, maybe literal pain. And it's not as though those ads are just showing up while you are in the emergency room, because now they've tagged you. [00:05:15] They know that you are in that emergency room. So off they'll. They will go ahead and track you and send you ads even after you leave. Hey, I wanna remind you if you want to get this, uh, this week's list of articles. I, I put out every week, my insider show notes. It has become very popular. Thousands of people get that every week. [00:05:41] Go right now to CraigPeterson.com. I'll also send out a little bit of training. I do that. I have special reports. I send out. I've got more stuff I'm doing, but you gotta be on the email list. CraigPeterson.com to get on my free email list now. What's happened here now is Markup went ahead and looked at Newsweek's top 100 hospitals in America. [00:06:06] They went to their websites and they found about a third of the hospitals using what's called the Meta Pixel. That is the Facebook pixel I was referring to earlier. So it sends a little bit of data. Whenever someone clicks a button to let's say, schedule a doctor's appointment. Why does it do that? Well, because the Facebook pixel is on the scheduling page.
[00:06:33] Let's say there's scheduling page for oncology on the website. I guess who knows that you are going to see an oncologist? Facebook? Why? Well, because the hospital has put a Facebook tracking pixel on that page. So Facebook knows, Hey, he was on the oncologist page. Maybe he has cancer. I should start showing him ads from other hospitals and from cancer medications, et cetera, et cetera, that is happening. [00:07:03] Right now, 33 of these top 100 hospitals in America. Th these are the top 100, according to Newsweek's list. Have that information. Now that data is connected to your internet address. So it's kinda like your computer's mailing address and they can link that back to usually to a specific individual or to a household. [00:07:30] So now they have a receipt of the appointment request. That's gone to Facebook now. They don't have everything you filled out on the page or anything, you know, you added in your social security number, maybe other medical information. Facebook didn't get all of that, but they do know that you visited the hospital's website and which pages you visited on that website. [00:07:56] So Markup went ahead and contacted these hospitals. So, for example, Johns Hopkins Hospital, they did find a Facebook pixel tracking on the appointment scheduling page. They informed Johns Hopkins of how that is a leak of personal information. And after being contacted by The Markup, they did not remove the track. [00:08:27] Also, by the way, when The Markup reached out to them, the hospital did not respond. UCLA Reagan Medical Center. They had of course a pixel and they did remove it from the scheduling page. Although they declined to comment, New York Presbyterian Hospital, all these hospitals have that pixel and they did not remove it. [00:08:49] Northwestern Memorial Hospital. Again, they got the tracking pixel did not remove it after they were informed about the security problems, Duke University Hospital, same thing.
Most of these, by the way, did not respond to them. University of Pennsylvania, Houston Methodist Hospital, the University of Chicago Medical Center. [00:09:11] Uh, the last two of those did remove the pixel. Uh, Scripps Memorial Hospital out in La Jolla, California. There are many Brigham and Women's Faulkner Hospital. They were informed that they had the tracking picture pixel on the, on the, uh, scheduling page. They did not remove it, but you know, the time of this article, a Tufts Medical Center, same thing did not remove it, uh, out in Sanford in San Diego. [00:09:39] Same problem. Johns Hopkins Bayview Medical Center, John Jefferson Health, Thomas Jefferson University Hospitals, Loyola. These are big name hospitals. I'm looking at these that goes on and on Sharp Memorial Hospital, Henry Ford Hospital. Uh, let's see some more, I'm trying to, oh, Massachusetts General Hospital. [00:10:00] They did not have the tracking pixel Brigham and Women's Hospital, no tracking pixel on the scheduling page. So some of these hospitals were already doing it right. They re they recognized that putting this Facebook pixel on may help them with some of the marketing and understanding the market a little better, which is what I do, but it's also giving personal information, personal health information to Facebook and Facebook's advertisers. [00:10:32] So they didn't put it on so good for them. Again, Mass General, Brigham and Women's, uh, Sanford, Mount Sinai, University of Michigan Hospital and, and others, of course. So very good news there in general. Again, don't be worried about a pixel on just a random website because it probably is being used to help with stats to know what's being used on the website. [00:10:58] And maybe, maybe just maybe using it to send a little ad to you on Facebook later. Of course, you're listening to Craig Peterson. You can get my insider show notes for absolutely free. And my little mini trainings.
Oh, three to five minutes every week at CraigPeterson.com. Just sign up on the homepage. [00:11:23] You know, I've got it on my homeowner's policy. I have a special business policy for it. And it's something that you should seriously consider, but you need to understand first. So we're gonna talk about it. What is cyber insurance? Uh, that's what's up now? [00:11:41] Cyber insurance is something that many businesses have looked at, not all businesses have, which is kind of crazy. If you ask me according to the industry statistics right now, less than 1% market penetration for cyber insurance and is expected to. [00:12:02] Into a $20 billion industry by 2025. That is some serious money. So what is this cyber insurance? For instance, there's a rider on my home insurance for, for cyber insurance and I have special cyber insurance from a, a big company underwritten, but it is for anything that happens. In my business, that's related to cyber security and it also covers my clients because that's what we do for living is cyber security. [00:12:37] If they are following our guidelines. So it's pretty darn cool when you get right down to it, because these risks that we have in the digital world are really every. So if you're a large organization, if you're a small little enterprise, are you going to get hacked? You know, bottom line, anybody could potentially get hacked because the bad guys have gotten pretty good. [00:13:06] And most of us in business have gotten pretty lackadaisical because of all of this, but not everybody understands when we're talking about cyber insurance. What does cyber mean? Well, the idea is that cyber insurance is created to protect organizations and individuals against digital risks. So we're talking about things like ransomware, malware, phishing campaigns. [00:13:34] So for instance, I got a call just this week from a listener who again, had their operating account emptied out, hated when that happens. And so they lost everything.
They lost all of the money in the account and they're trying to get it back. I got an email this week and, uh, from a lady that I, there's not much I can do for her. [00:13:56] I pointed her in the right direction, but her father, I think it was, had his digital wallet of cryptocurrency completely emptied, completely stolen. Can you believe this sort of stuff, right? It's happening every day. You might have insurance that covers that, but you might not. Traditional insurance policies are only looking at physical risks, so they will take the physical risk things like damage to equipment, or maybe you have livestock or you have stock an inventory, a building different locations. [00:14:38] That's your standard stuff. But cyber insurance is to allow businesses to transfer the costs associated with recovery from the losses incurred when there's some form of cybersecurity breach. Now that's a pretty big deal, because the losses can be huge. It isn't just ransomware where maybe it, it costs you a million dollars in ransom payments. [00:15:08] Or if you're an individual, a retiree, maybe it only costs you 25,000 in ransom payments. And I know that's a lot, especially for a retiree. But there is loss of reputation. There's loss of business, cuz you couldn't conduct business cuz you couldn't use your computers. Right? All of that sort of stuff. You got people that you have to bring in, you have to bring in a special team to try and recover your data. [00:15:33] Maybe try and figure out what had happened. Right. All of that sort of stuff. So be careful cyber insurance, a lot of people kind of mistake it for policy that pays off attackers to retrieve or unlock data. That's not what it's really for. Cyber insurance is something that allows you to, I guess the term in, in the industry is transfer risk when your online security controls fail and [00:16:01] basically all of them could fail. It, it, it depends, right?
If you're a huge company, you can hire a bigger team for a security operation center, but at the same time, you also have more employees that are causing more problems. So look at it entirely business interruption, payments to experts to recover the data. [00:16:23] Compensation for bodily injuries, uh, depending obviously on the resulting damage and the particular policy and the rates are gonna vary based on the maturity of your cyber defenses. So this is something that I've been big on for a long time, the cyber security maturity CMMC and what that helps 'em to determine is [00:16:49] what are your rates gonna be? So if you went out and you're just using the cable modem that they, that the, uh, company, your cable company provided for you, or you go to a big box retailer, and that's where you bought your firewall and switches, and you've got your wonderful little Lenovo PCs or Dells or whatever, and you're running, uh, Norton antivirus. [00:17:13] You are not well covered. You are not very mature from a cybersecurity standpoint. The other thing you need to be able to do is make sure you've got your asset management all in line, that you have policies and procedures in place for when things happen. You gotta have it all put together, but the average cyber insurance policy for a small to mid-size company in 2021 was about $1,600. [00:17:41] For $1 million in cyber liability coverage. Now that's not really bad at all. Now there are limits to what the provider will pay. They will often, if you do get nailed, they'll come in and double check that, everything that you said, all of those boxes that you checked when you were applying for your cyber security insurance, make sure you actually did all of them. [00:18:08] Okay. Yeah. Kind of a big deal. And you not only will they not pay out, if you didn't do everything that you said you were going to be doing, but the other problem is you might end up getting sued by. Okay.
So expect a countersuit if you decide to sue them. So don't lie on those forms, people. Okay. All right. [00:18:32] Um, cyber claims, unlike non-technical events, like again, a fire flood storm damage, the cyber insurance claim might be determined by means of attack and your ability or your effort to prevent it. As I was saying, make sure you've got the checklist and this is something I think I, I should probably put a course together on to help you guys with, or maybe even a little bit of consulting for people. [00:19:01] Let me know, just send an email to me, me@craigpeterson.com. And uh, if you're interested in more info about cyber insurance, you can either look at this week's newsletter that you can. By again, going to CraigPeterson.com and a link to this particular article I'm looking at, or you can tell me, Hey, listen, I'd love a little course or little support, a little help. [00:19:24] Okay. I think it makes a lot of sense. So does your business qualify for cyber insurance? Well, some do some don't, uh, you might not see yourself as a target. For the bad guys, but I'll tell you, my 85-year-old father was conned by some of these cyber attack guys. Okay. And he doesn't have much money. He, he's not the Bank of, uh, England, Bank of America. [00:19:52] None of these big banks or anything. Oh. Is a retiree living at home trying to make ends meet. So the same thing's true for you as a business, you as an individual now. You are vulnerable most likely to a cyber attack, but you've got to really manage your risk posture. You gotta do things, right. So that's the bottom line there. [00:20:16] That's what we try and help you do. But you can find information about this again, you can just email me, me@craigpeterson.com and ask for the info on cyber insurance, or if you're already a subscriber to my newsletter. That went out Tuesday morning. So just check your mail.
Maybe it's in the spam box from Tuesday morning and you'll find a lot more information linked right from there. [00:20:42] CraigPeterson.com stick around. We'll be right back. [00:20:51] There are a lot of complaints about how some of these cryptocurrencies are very non green using tons of energy. And now the prices are going down. We're seeing a number of really weird things happening. [00:21:07] Cryptocurrency, as you probably have heard, has taken a tumble. Now, some of the cryptocurrencies, particularly of course, someone you might know most is Bitcoin use a lot of computing power. [00:21:20] You see, what they're trying to do is basically solve a very complex mathematical problem. And in order to do that, they need a lot of computing power. Now you can certainly run it on your little desktop computer, that program to compute those things. It's called mining. So you're mining for Bitcoin. [00:21:42] You're, you're trying to solve these mathematical problems and there's a theoretical limit to how many Bitcoins could actually potentially be mined. Looking right now, they're saying that circulating Bitcoin right now is about 19 million Bitcoin that are out there. And Bitcoin is worth about $20,000 right now, down from its huge, huge, huge high. [00:22:11] That was, uh, more than two and a half times what it's worth right now. So, how do you mine? Well, if you take that computer and you run the software, it's gonna do some mining and it is probably going to cost you more in electricity nowadays to mine one Bitcoin than that Bitcoin is worth. In fact, it certainly will cost you more now. [00:22:37] Uh, that's why the people that are professional Bitcoin miners have taken a different tact and what they've done is they found places where they can get cheap electricity. For instance, Finland, where they're using geothermal produced electricity. They're also using the cold air outside in order to cool down.
[00:23:00] The computers themselves as they're trying to compute this, but there's another thing that they've been doing. And that is well, how about we buy a coal plant? That's been shut down and that's happened. So they take that coal plant. They bring it back online. They burn the coal, they produce electricity at a cheaper rate than they could buy it. [00:23:23] But behind all of this is the computing power. And what miners found a long time ago is it's better to have thousands of compute units working on solving these problems than it is just having. I don't know how many CPUs are in your computer, four, eight. Com, um, CPUs. How many? Well, I, how far can you get with those? [00:23:48] Yeah, they're fast, but we need thousands of computers. So what they found is that GPUs, graphical processing units, kind of met their goals. You see a GPU is actually composed of thousands of computers, little compute units. Now they can't do real fancy math. They can't do anything particularly fancy. [00:24:13] They're really designed to move pixels around on a screen. In other words, they're designed to help gamers have a nice smooth game while they're playing. They can be used. In fact, they're used all of the time in desktop computers, just for regular display of a webpage, for instance, or if you're watching a video, all of that is part of what they're doing. [00:24:39] With graphic processing units. And if you've been paying attention, you probably have noticed if you particularly, if you're a gamer that the price for GPUs has gone way up, not only has it gone way up and it isn't just due to the lockdown and the supply chain problems, but they're very, very, very hard to get now. [00:25:02] Yeah. Some of that is due to supply chain problems. No doubt about it. But most of these GPUs, according to some of the numbers I've seen, have actually been bought by these professional mining companies.
In fact, many of them have gone the next step and they have what's called custom silicon. These are completely customized process. [00:25:28] Sometimes they're using ASICs. Sometimes they're using other things, but these custom processors that are really good at solving that problem that they have to solve in order to mine, a bit Bitcoin or one of these other currencies. So you, you see how that all works. There's a number of GPU manufacturers and something else interesting has happened because of the drop in value of pretty much all of the cryptocurrencies. [00:26:00] And that is these GPUs are going bye-bye. Right. Do does a company that is now no longer trading. That's no longer operating. Uh, we've seen at least two of these crypto mining companies just completely disappear. So now all of their hardware is going up for sale. You'll find it on eBay. So I, I wanna warn you, if you are looking for a GPU of some sort for your computer, maybe if you're a gamer, be very, very careful. [00:26:37] We've got a buyer beware situation here because you're not just buying a GPU. A graphics processing card, uh, that has been lightly used. It was sitting in a terminal. Maybe it's a GPU. Like I use them where, when I'm doing video editing, it does use the GPU, even some of the audio editing. It uses the GPU. [00:26:59] I'm looking at it right now and I've got some, uh, GPU utilization going on. I've got about, uh, 6% of my GPU in use right now on this computer. So. What the problem is is that these miners who are selling their old GPUs have been running them full bore 24/7. That's hard on anything. Isn't it. So what, uh, what's happening here is that you are seeing a market getting flooded with GPUs. [00:27:35] You really don't wanna. All right. Does that make sense?
Uh, you know, there we've lost more than 50% this year already in some of these, uh, cryptocurrencies that are out there. Coinbase has had an interesting year. Celsius, a major cryptocurrency bank, suspended withdrawals, uh, just here in the last few. [00:28:01] Coinbase crypto exchange announced a round of layoffs. Also here, they paused their hiring a month or two ago. It it's not going very well and prices for new and used graphic cards are continuing to fall. The peak price was late in 2021, a little bit early in 2022, but now you can go to Amazon, Newegg, Best Buy and buy current generation GPUs for prices that really would seem like bargains six months ago. [00:28:35] And pricing for used GPUs has fallen even further, which is the caveat emptor thing here that I'm warning everybody about. You need to proceed with caution. So there's a lot of scams, a lot of bait and switches. You know, that's been kind of normal for some things over the years on eBay. I'm afraid, but I've had pretty good luck with eBay, but any high value eBay purchase CPUs have been mining cryptocurrencies at full tilt for months or years have problems in new GPU. [00:29:12] Would not have had, you know, this heat that they generate, the dust that gets into them, that the heat is messing with can really degrade the performance and degrade the usage of that GPU here over time. Dust can also, uh, cause problems with the thermal paste that's in them could be dried out thermal paste because of the heat and that causes them to crack and causes other problems. [00:29:40] So if you buy a used GPU that looks dirty or runs hot, removing and cleaning the fan and heat sink, reapplying, fresh thermal paste. Could potentially restore lost performance, and maybe you can even get that new Sony PlayStation because GPUs are becoming available again. Visit me online CraigPeterson.com and get my weekly insider show notes right there. [00:30:07] CraigPeterson.com. Sign up now.
[00:30:13] Self-driving is relatively new technology. And, uh, our friends at Tesla just fired an employee who posted videos of a full self-driving accident. Uh, he's done it before. [00:30:30] Tesla has a very interesting background. In fact, Elon Musk has gotten more interesting over time. And particularly lately the stuff he's saying, the stuff he's doing, but his companies have really made some amazing progress. [00:30:48] Now, one of the things that Elon did pretty well pretty early on was he decided he was going to start selling. A self-driving feature for his cars. And back in the day, you could buy it. This was before it was ready at all for, I think it was 5,000 and, uh, it was good for whenever they came out with it. [00:31:15] And then it went up to 7,000 and then I think it went to 12,000 and now it's you pay him monthly, but in reality, there are no fully self-driving qualified Teslas on the road today. It will be a little while before that happens. So this ex Tesla employee by the name of John Bernal is quoted in Ars Technica saying that he was fired for posting YouTube videos about Tesla's full self-driving beta. [00:31:48] Now this is called FSD. And if you know computers, you know what beta is? Beta means, Hey, you know, should work, could work, probably has some problems. And that's exactly what it is. Now. Tesla told California regulators that the full self-driving beta lacks true autonomous features. And that's probably how they got by getting with putting this car on the road, these cars on the road. [00:32:19] So this ex-employee says that Tesla also cut off access to the full self-driving beta in the 2021 Tesla Model 3 that he owns. Now. He said that he paid for it. He had it legitimately, and yet Tesla cut him off from, and I guess anybody can try and sign up for it. I don't know all of the details behind getting that beta code.
[00:32:46] If you wanted to, you probably could investigate a little bit further, but the video that he posted on February 7th provided a frame by frame analysis of a collision of his Tesla with a bollard, a a bollard. Those are those stanchions, those, uh, cement pillars. They usually have plastic on the outside that you'll see, you know, protecting sidewalks or in this case it was protecting a bike lane in San Jose. [00:33:19] So he said, no matter how minor this accident was, it was the first full self-driving beta collision caught on camera. That is irrefutable. And he says I was fired from Tesla in February with my U YouTube being cited as the reason why, even though my uploads are for my personal vehicle off company, time or property with software, I paid for. [00:33:45] And he has a, um, channel called AI Addict that you can find over there on YouTube if it hasn't been taken down yet. Right. Uh, he said that he got a notice that his full self-driving beta was disabled be based on his recent driving data, but that didn't seem to fit because the morning I got fired, he says I had zero proper use strikes. [00:34:10] On my vehicle. So yeah, I, I can't say as I really would blame him, uh, him being in this case, Elon Musk for firing this guy, but it's an interesting little video to watch. It's like two and a half minutes. You'll see. And it, the guy has his hand on the steering wheel and the car is steering itself down the roadway and there's no other traffic really on the road. [00:34:38] I don't know when this was like a, a Sunday or something, but you can see on the screen, it is detecting things like the, the little, uh, construction pillars that are on the side of the road. And he's in a left-turn-only lane and his Tesla turns left, the steering wheel's kind of going a little back and forth, right? [00:34:58] As it tries to make up his mind what it's going to do and he's driving down, he just passed a UPS truck.
Although I would not have passed personally, the way he passed, which is the. The car decided it was going to, um, get closer to that UPS truck. I, I would've purposely gone further away. And then what happens is he goes around another corner where there's some bollards. [00:35:26] That are in the roadway. And of course the idea behind them is so the cars don't go in and accidentally strike a cyclist. But around that corner where there is a crosswalk crossing the street, there's no bollard. So people don't have to kind of get around them. And then the bollards start off again. So the Tesla got kind of confused by this and looking at the screen, it doesn't show the, these bollards. [00:35:56] Being recognized. So the driver of the car grabs the steering wheel takes over at the very last second, but did actually hit the bollard. Uh, no two ways about it here. He hit it and the car is stopped and it's just a minor scratch. He's showing it on his, uh, on his screen here. But I gotta say overall, it looks like it performed quite admirably. [00:36:24] And the fact that this apparently is the. Uh, the only time it was actually caught on video. That's interesting too, but the cars of course have cameras on them too. So I'm sure. In other cases it did record a video of it. So CNBC said it obtained a copy of Tesla's internal social media policy, and it says it makes no direct reference. [00:36:48] To criticizing the company's product in public. So we'll see what happens. Uh, apparently too, they are saying that this is the first accident in a year of testing this full self-driving. So that is darn good, frankly. And, uh, he's saying, you know, some people are saying I should have reacted sooner, which I should have. [00:37:09] But in my year of testing, the full self-driving is usually really good at detecting objects last minute and slowing to avoid. So I don't know. We'll see what happens here. Tesla's doing a very good job. Hey, and I got another car story for you.
This one, I think is totally, totally cool. You might remember Congress passed a law back in the seventies saying that we had to have what these CAFE standards for vehicles efficiencies. [00:37:36] In other words, you had to have certain fuel efficiency across all of the cars that you manufactured, you know? Okay. It is good enough, whatever. And, uh, they, they weren't able to make, uh, the car manufacturers, they weren't able to hit it until they came up with a whole new ignition technology for the cars. [00:38:00] And that of course is fuel injection. You might remember we had carburetors and all of the cars, not very efficient. The engines themselves aren't very efficient, but we came up with fuel injection. And that helped the car manufacturers to meet these new CAFE standards. Now, unfortunately, car manufacturers have removed weight from the cars in order to gain fuel efficiency in order to meet these federal requirements. [00:38:28] So they've done things like taking out the full size spare tire, right? You, you had that before and that full size spare tire is now replaced with. Stupid a little tire, right? That, you know, you can limp down the road a little ways, but not very far, but they've also removed steel and various metals from other parts of the car. [00:38:47] And many people have said it's made the cars less safe. The same time they've added more safety features like the side impact airbags and, and other things and, and airbags that will maim. But, but that's a different story entirely. Uh, but this is very, very cool because there's a company called Transient Plasma Systems, TPS, and they came up with this new advanced ignition system that uses plasma. [00:39:17] They've designed it in such a way that it replaces your spark plugs in your. And now they put the ignition module in that uses nanosecond duration pulses of plasma to ignite that air fuel mixture that's inside the cylinder.
So you're still doing the fuel injection, but you're igniting it with a nanosecond worth of. [00:39:43] Plasma. Isn't that just amazing. So they've tested that technology. 2019 is when they came out with it and they did some bench testing, but now it's almost ready for production. So they're doing now with vehicle manufacturers, validation testing. It is frankly very cool. And they don't have to do it on brand new engines either. [00:40:08] They will come up with retrofit kit fixes. Now, imagine this getting 20% better mileage by basically replacing your spark plugs and a little more firmware changes in your engine controller. No question about that one, right. But this is frankly. Absolutely amazing. Now it's going to take a lot of years before we move to electric vehicles. [00:40:34] For a lot of reasons. We're not ready. The country isn't ready. The infrastructure isn't ready. People aren't ready. The cars aren't ready. We don't even know what. To do with the batteries. People complain about nuclear waste. Well, there are now huge fields full of these batteries while they're trying to figure out what do we do with the used batteries from these electric or hybrid cars, because man, they it's a huge problem. [00:40:59] All kinds of toxic stuff in them. And they haven't been good at being able to recycle 'em. It's not like the old lead acid batteries. That are very easy to recycle. So it's going to be years before they really stop selling any of these internal combustion engines and even longer before they ban internal combustion engines. [00:41:21] From the roadways. So this plasma ignition system is going to really, really help. 20%. That is darn good. And I am looking at the article right now. They used this Toyota engine. This is a 2.5 liter Toyota Camry Atkinson cycle, thermal efficiency around 40%, which is absolutely amazing. Good job Toyota. And. [00:41:48] Replaced the spark plug with this. 
Ignition system, this new ignition system using of course plasma and they found some amazing, amazing, uh, statistics here, improvements. So in some cases they're seeing. The spark plugs and the plasmas getting 6% increase in fuel economy and others are seeing 20% increases. [00:42:17] Of course, they've got to do more testing, extreme heat, extreme cold, wet, dry, but that's gonna be happening. And we might see this in our cars in the next couple of years. Make sure you sign up right now. For my newsletter, get my insider show notes for free. CraigPeterson.com. [00:42:39] Hey, it looks like if you did not invest in crypto, you were making a smart move and not moving. Wow. We got a lot to talk about here. Crypto has dived big time. It's incredible. What's happened. We get into that more. [00:42:56] Cryptocurrencies. It, it it's a term for all kinds of these basically non-government sanctioned currencies. [00:43:06] And the idea behind it was I should be able to trade with you and you should be able to trade with me. We should be able to verify the transactions and it's kind of nobody's business as to what's happening behind the scenes. And yet in reality, everybody's business because all of those transactions are recorded in a very public way. [00:43:30] So crypto in this case does not mean secret or cryptography. It's actually referring to the way the ledgers work and your wallets and, in fact, the actual coins themselves. A lot of people have bought. I was talking with my friend, Matt, earlier this week and Matt was saying, Hey, listen, uh, I made a lot of money off of crypto. [00:43:57] He's basically a day trader. He watches it. Is it going up? Is it going down? Which coin is Dogecoin? The way to go? Cuz Elon Musk just mentioned it. Is it something else? What should I do? And he buys and sells and has made money off of it. However, a lot of people have. And held onto various cryptocurrencies. [00:44:19] Of course, the most popular one. 
The one everybody knows about is Bitcoin and Bitcoin is pretty good stuff, you know, kind of bottom line, but 40% right now of Bitcoin investors are underwater. Isn't that incredible because of the major dropoff from the November peak. And this was all started by a problem that was over at something called Terra Luna, which is another cryptocurrency now. [00:44:51] You know, already that there is a ton of vol a ton of, uh, changes in price in various cryptocurrencies, Bitcoin being of course a real big one where, you know, we've seen 5,000, $10,000 per Bitcoin drops. It, it really is an amazingly, uh, fluid if you will coin. So there's a number of different people that have come out with some plans. [00:45:19] How about if we do kinda like what the US dollar used to do, which is it's tied to a specific amount of gold or tied to a specific amount of silver. Of course, it's been a while since that was the case. Uh, President Nixon is the one that got us off of those standards, but. Having gold, for instance, backing your currency means that there is going to be far less fluctuation and your currency means something. [00:45:49] See, the whole idea behind currency markets for government is yeah, you do print money and you do continue to increase the amount of money you print every year. Because what you're trying to do is create money for the. Goods product services that are created as well. So if, if we create another million dollars worth of services in the economy, there should be another million dollars in circulation that that's the basic theory. [00:46:20] Monetary theory really boiling it. Right. Down now of course, you know, already our government has printed way more than it. Maybe should have. It is certainly causing inflation. There's no doubt about that one. So they're looking at these various cryptocurrencies and saying, well, what can we do? 
How can we have like a gold standard where the US dollar was the currency the world used and it, its value was known. [00:46:46] You see, having a stable currency is incredibly important for consumers and businesses. A business needs to know, Hey, listen, like we sign a three year contract with our vendors and with our customers. And so we need a stable price. So we know what's our cost going to be, what can we charge our customer here? [00:47:06] Can the customer bear the price increases, et cetera. The answer to most of those questions of course is no, they really, they really can't, particularly in this day and age. So having a. Fixed currency. We know how much it's worth. I know in two years from now, I'm not gonna be completely upside down with this customer because I'm having to eat some major increases in prices. [00:47:31] And as a consumer, you wanna look at it and say, wow, I've got a variable rate interest rate on my mortgage. And man, I remember friends of mine back in the eighties, early eighties, late seventies, who just got nailed by this. They had variable rate interest loan on their home because that's all they could get. [00:47:50] That's all they could afford. So the variable rate just kept going up. It was higher than credit cards are nowadays. And I remember a friend of mine complaining, they had 25% interest and that's when they lost a house because 25% interest means if you have a a hundred thousand dollars loan, you got $25,000 in interest that year, you know, let alone principal payments. [00:48:14] So it, it was a really. Thing. It was really hard for people to, to deal with. And I, I can understand that. So the cryptocurrency guys. I said, okay, well let's tie it to something else. So the value has a value and part of what they were trying to tie it to is the US dollar. That's some currencies decided to do that. [00:48:39] And there were others that tried to tie it to actual. Assets. So it wasn't just tied to the dollar. It was okay. 
We have X dollars in this bank account and that's what's backing the value of our currency, which is quite amazing, right. To think about that. Some of them are backed by gold or other precious metals. [00:49:02] Nowadays that includes a lot of different metals. Well, this one coin called Terra Luna dropped almost a hundred percent last week. Isn't that amazing. And it had a sister token called TerraUSD which Terra Luna was tied to. Now, this is all called stablecoin. Right? The idea is the prices will be stable. And in the case of Terra and TerraUSD the stability was provided by a computer program. [00:49:37] So there's nothing really behind it, other than it can be backed by the community currencies themselves. So that's something like Intercoin, for instance, this is another one of the, there are hundreds of them out there of these, uh, cryptocurrencies. The community backs it. So the goods and services that you can get in some of these communities is what gives value to Intercoin money system. [00:50:03] Now that makes sense too, right? Because the dollar is only worth something to you. If it's worth something to someone else, right. If you were the only person in the world that had US dollars, who, who would want. Like, obviously the economy is working without US dollars. So why would they try and trade with you? [00:50:24] If you had something called a US dollar that nobody else had, or you came up with something, you made something up out of thin air and said, okay, well this is now worth this much. Or it's backed by that, et cetera. Because if again, if you can't spend it, it's not worth anything. Anyhow, this is a very, very big deal because on top of these various cryptocurrencies losing incredible amounts of money over the last couple of weeks, we have another problem with cryptocurrencies. 
[00:50:59] If you own cryptocurrencies, you have what's called a wallet and that wallet has a transaction number that's used for you to track and, and others to track the money that you have in the cryptocurrencies. And it it's, um, pretty good little. Fun function or feature. It's kind of hard for a lot of people to do so they have these kind of crypto banks. [00:51:21] So if you have one of these currencies, you can just have your currency on deposit at this bank because there's, there's a whole bunch of reasons, but one of the reasons is if. There is a, a run on a bank, or if there's a run on a cryptocurrency, currencies have built into them incredibly expensive penalties. [00:51:45] If you try and liquidate that cryptocurrency quickly. And also if there are a lot of people trying to liquidate it. So you had kind of a double whammy and people were paying more than three. Coin in order to sell Bitcoin. And so think about that. Think about much of Bitcoin's worth, which is tens of thousands of dollars. [00:52:05] So it's overall, this is a problem. It's been a very big problem. So people put it into a bank. So Coinbase is one of the big one. Coinbase had its first quarter earnings report. Now, this is the US's largest cryptocurrency exchange and they had a quarterly loss for the first quarter of 2022 of 430 million. [00:52:35] That's their loss. And they had an almost 20% drop in monthly users of coin. So that's something right. And they put it in their statement, their quarterly statement here as to, you know, what's up. Well, here's the real scary part. Coinbase said in its earnings report last Tuesday that it holds the. [00:53:01] 256 billion in both fiat currencies and cryptocurrencies on behalf of its customers. So fiat currencies are, are things like the federal reserve notes, our US dollar. Okay. A quarter of a trillion dollars that it's holding for other people, kind of think of it like a bank. 
However, they said in the event, Coinbase we ever declare bankruptcy, quote, the crypto assets. [00:53:31] We hold in custody on behalf of our customers could be subject to bankruptcy proceedings. Coinbase users would become general unsecured creditors, meaning they have no right to claim any specific property from the exchange. In proceedings people's funds would become inaccessible. Very big deal. Very scary for a very, very good reason. [00:53:57] Hey, when we come back, uh, websites, you know, you go, you type stuff in, email address, do you know? You don't even have to hit submit. In most cases, they're stealing it. [00:54:09] I'm sure you've heard of JavaScript in your browser. This is a programming language that actually runs programs right there in your web browser, whether you like it or not. And we just had a study on this. A hundred thousand websites are collecting your information up-front. [00:54:26] This is not a surprising thing to me. I have a, in my web browser, I have JavaScript turned off for most websites that I go to. Now, JavaScript is a programming language and it lets them do some pretty cool things on a webpage. [00:54:44] In fact, that's the whole idea behind Java. Uh, just like cookies on a web browser where they have a great use, which is to help keep track of what you're doing on the website, where you're going, pulling up other information that you care about, right? Part of your navigation can be done with cookies. They go on and on in their usefulness, but. [00:55:06] Part of the problem is that people are using them to track you online. So like Facebook and many others will go ahead and have their cookies on other websites. So they know where you're going, what you're doing, even when you're not on Facebook, that's by the way, part of. The Firefox browser's been trying to overcome here. [00:55:31] They have a special fenced in mode that happens automatically when you're using Firefox on Facebook. Pretty good. Pretty cool. 
The Apple iOS devices. Use a different mechanism. And in fact, they're already saying that Facebook and some of these others who sell advertiser, Infor advertisers information about you have really had some major losses in revenue because Apple is blocking their access to certain information about you. Back to JavaScript. [00:56:07] It's a programming language that they can use to do almost anything on your web browser. Bad guys have figured out that if they can get you to go to a website or if they can insert an ad onto a page that you're visiting, they can then use. Your web browser, because it's basically just a computer to do what? Well, to mine Bitcoin or other cryptocurrencies. [00:56:34] So you are paying for the electricity for them as your computer is sitting there crunching on, uh, these algorithms that they need to use to figure out how to find the next Bitcoin or whatever. Be, and you are only noticing that your device is slowing down. For instance, our friends over on the Android platform have found before that sometimes their phones are getting extremely hot, even when they're not using them. [00:57:01] And we've found that yeah, many times that's just a. Bitcoin miner who has kind of taken over partial control of your phone just enough to mine Bitcoin. And they did that through your web browser and JavaScript. So you can now see some of the reasons that I go ahead and disable JavaScript on most websites I go to. Now, some websites aren't gonna work. [00:57:24] I wanna warn you up front. If you go into your browser settings and turn off JavaScript, you are going to break a number of websites, in fact, many, many websites that are out there. So you gotta kind of figure out which sites you want it on, which sites don't you want it on. But there's another problem that we have found just this week. [00:57:45] And it is based on a study that was done. It's reported in Ars Technica, but they found. A hundred thousand top websites, a hundred thousand top websites. 
These include signing up for a newsletter, making hotel reservation, checking out online. Uh, you, you probably take for granted that nothing happens until you hit submit, right? [00:58:11] That used to be the case in web 1.0 days. It isn't anymore. Now I wanna point out we, I have thousands of people who are on my email list. So every week they get my, my, uh, insider show notes. So these are the top articles of the week. They are, you know, usually six to 10 articles, usually eight of them that are talking about cybersecurity, things of importance in. [00:58:39] The whole radio show and podcast are based on those insider show notes that I also share with the host of all of the different radio shows and television shows that I appear on. Right. It's pretty, pretty cool. So they get that, but I do not use this type of technology. Yeah. There's some JavaScript that'll make a little sign up thing come up at the top of the screen, but I am not using technology that is in your face or doing. [00:59:08] What these people are doing, right? So you start filling out a form. You haven't hit submit. And have you noticed all of a sudden you're getting emails from. Right. It's happened to me before. Well, your assumption about hitting submit isn't always the case. Some researchers from KU Leuven university and University of Lausanne crawled and analyzed the top 100,000 websites. [00:59:37] So crawling means they have a little robot that goes to visit the webpage, downloads all of the code that's on the page. And then. Analyzed it all right. So what they found was that a user visiting a site, if the, the user is in the European Union is treated differently than someone who visits the site from the United States. [01:00:01] Now there's a good reason for this. We've helped companies with complying with the GDPR, which are these protection rules that are in place in the European Union. And that's why you're seeing so many websites. 
Mine included that say, Hey, listen, we do collect some information on you. You can click here to find out more and some websites let you say no, I don't want you to have any information about me. [01:00:26] We collect information just so that you can navigate the site properly. Okay. Very basic, but that's why European Union users are treated differently than those coming from the United States. So this new research found that over 1800 websites gathered an EU user's email address without their consent. So it's almost 2000 websites out of the top 100,000. [01:00:54] If you're in the EU and they found. About, well, 3000 websites logged a US user's email in some form. Now that's before you hit submit. So you start typing in your email, you type in your name and you don't hit submit. Many of the sites are apparently grabbing that information, putting it into the database and maybe even started using it before you gave them explicit permission to do. [01:01:27] Isn't that a fascinating and the 1800 sites that gathered information on European Union users without their consent are breaking the law. That's why so many US companies decided they had to comply with the GDPR because it's a real big problem. So these guys also crawled websites for password leaks in May 2021. [01:01:55] And they found 52 websites where third parties, including Yandex. Yandex is a big Russian search engine, and more were collecting password data before submission. So since then the group went ahead and let the websites know what was happening, what they found, uh, because it's not necessarily intentional by the website itself. [01:02:21] It might be a third party, a third party piece of software that's doing it. They, they informed those sites. Hey, listen, you're collecting user data before there's been explicit consent to collect it. In other words, you, before you hit the submit button and they thought, wow, this is a very surprising, they thought they might find a few hundred websites, but. 
[01:02:45] Course of a year now they found that there were over 3000 websites really that were doing this stuff. So they presented their findings at USENIX. Well, actually they haven't presented 'em yet. Cuz it's gonna be at USENIX. In August and these are what they call leaky forms. So yet another reason to turn off JavaScript when you can. [01:03:09] But I also gotta add a lot of the forms do not work if JavaScript's not enabled. So we gotta do something about it. Uh, maybe complain, make sure they aren't clutching your data. Maybe I should do a little course on that one so you can figure out are they doing it before even giving permission? Anyhow, this is Craig Peterson. [01:03:29] Visit me online. CraigPeterson.com and sign up for that. No obligation insider show notes. [01:03:36] We are shipping all kinds of military equipment over to Ukraine. And right now they're talking about another $30 billion worth of equipment being shipped to what was the world's number one arms dealer - Ukraine. [01:03:53] I'm looking right now at an article that was in the Washington Post. And you know, some of their stuff is good. [01:04:01] Some of their stuff is bad, I guess, kinda like pretty much any media outlet, but they're raising some really good points here. One of them is that we are shipping some pretty advanced equipment and some not so advanced equipment to Ukraine. To help them fight in this war to protect themselves from Russia. [01:04:24] Now, you know, all of that, that's, that's pretty common. Ultimately looking back in history, there have been a lot of people who've made a lot of money off of wars. Many of the big banks financing both sides of wars. Going way, way back and coming all the way up through the 20th century. And part of the way people make money in war time is obviously making the equipment, the, and supplies and stuff that the armies need. [01:04:57] The other way that they do it is by trading in arms. So not just the supplies. 
The bullets all the way through the advanced missile systems. Now there's been some concerns because of what we have been seeing online. We've talked about Telegram here before, not the safest web, you know, app to use in order to keep in touch. [01:05:24] It's really an app for your phone and it's being used. Ukraine to really coordinate some of their hacker activities against Russia. They've also been using it in Russia, Telegram that is, in order to kind of communicate with each other. Ukraine has posted pictures of some of the killed soldiers from Russia and people have been reaching out to their mothers in Russia. [01:05:53] They've done a lot of stuff with Telegram, it's interest. And hopefully eventually we'll find out what the real truth is, right? Because all sides in the military use a lot of propaganda, right? The first casualty in war is the truth. It always has been. So we're selling to a country, Ukraine, that has made a lot of money off of selling. [01:06:19] Been systems being an inter intermediary. So you're not buying the system from Russia? No, no. You're buying it from Ukraine and it has been of course, just as deadly, but now we are sending. Equipment, military-grade equipment to Ukraine. We could talk about just that a lot. I, I mentioned the whole lend-lease program many months ago. [01:06:45] Now it seems to be in the news. Now takes a while for the mainstream media to catch up with us. I'm usually about six to 12 weeks ahead of what they're talking about. And so when we're talking about lend-lease, it means. We're not giving it to them. We're not selling it to them. We're just lending them the equipment or perhaps leasing it just like we did for the United Kingdom back in World [01:07:10] War II. Not a bad idea. If you want to get weapons into the hands of an adversary and not really, or not an adversary, but an ally or potential ally against an adversary that you have, and they have. But part of the problem is we're talking about Ukraine here. 
Ukraine was not invited in NATO because it was so corrupt. [01:07:33] You might remember, they elected a new president over there, that president started investigating, hired a prosecutor to go after the corruption in Ukraine. And then you heard President Joe Biden, vice president at the time, bragging about how he got this guy shut down. Uh, yeah, he, he got the prosecutor shut down, the prosecutor that had his sights on, of course, Hunter Biden as well as other people. [01:08:00] So it it's a real problem, but. Let's set that aside for now, we're talking about Ukraine and the weapon systems we've been sending over there. There have been rumors out there. I haven't seen hard evidence, but I have seen things in various papers worldwide talking about Telegram, saying. That the Ukrainians have somehow gotten their hands on these weapons and are selling them on Telegram. [01:08:30] Imagine that, uh, effectively kind of a dark web thing, I guess. So we're, we're saying, well, you know, Biden administration, uh, you know, yeah. Okay. Uh, that, that none of this is going to happen. Why? Well, because we went ahead and we put into the contracts that they could not sell or share or give any of this equipment away without the explicit permission of the United States government. [01:09:01] Well, okay. That, that kind of sounds like it's not a bad idea. I would certainly put it into any contract like this, no question, but what could happen here? If this equipment falls into the hands of our adversaries or, or other Western countries, NATO countries, how do you keep track of them? It it's very hard to do. [01:09:22] How do you know who's actually using them? Very hard to do. So enforcing these types of contracts is very difficult, which makes a contract pretty weak, frankly. And then let's look at Washington DC. The United States, according to the Washington Post in mid April, gave Ukraine a fleet of Mi-17 helicopters. 
[01:09:49] Now these Mi-17 helicopters are Russian, originally Soviet designs. Okay. And they were bought by the United States. About 10 years ago, we bought them for Afghanistan's government, which of course now has been deposed, but we still have our hands on some of these helicopters. And when we bought them from Russia, we signed a contract. [01:10:16] The United States signed a contract promising not to transfer the helicopters to any third country, quote, without the approval of the Russian Federation. Now that's according to a copy of the certificate that's posted on the website of Russia's federal service on military technical cooperation. So there you. [01:10:38] Russia's come out and said that our transfer of those helicopters has grossly violated the foundations of international law. And, and you know what, they, it has, right. Arms experts are saying that Russia's aggression in Ukraine more than justifies US support, but the violations of the weapons contracts, man, that really hurts our credibility and the, our we're not honoring these contracts. [01:11:06] How can we expect Ukraine to honor those contracts? That's where the problem really comes in. And it's ultimately a very, very big problem. So this emergency spending bill that it, you know, the $30 billion. Makes Ukraine the world's single largest recipient of US security assistance ever. They've received more in 2022 than United States ever provided to Afghanistan, Iraq, or Israel in a single year. [01:11:40] So they're adding to the stockpiles of weapons that we've already committed. We've got 1400 Stinger anti-aircraft systems, 5,500 anti-tank missiles, 700 Switchblade drones, 90, excuse me, long range howitzers. That's artillery. 7,000 small arms. 50 million rounds of ammunition and other mines, explosives and laser guided rocket systems, according to the Washington Post. [01:12:10] So it's fascinating to look. It's a real problem. 
And now that we've got the bad guys who are using the dark web, remember the dark web system that we set up, the onion network. Yeah. That one, uh, they can take these, they can sell them, they can move them around. It is a real problem. A very big problem. What are we gonna do when all of those weapons systems come back aimed at us this time? [01:12:40] You know, it's one thing to leave billions of dollars worth of helicopters, et cetera, back in Afghanistan as the Biden administration did with their crazy withdrawal tactic. Um, but at least those will wear out. The bullets, missile systems, howitzers, huh? Different deal. [01:13:01] It seems like the government calls war on everything, the war against drugs or against poverty. Well, now we are looking at a war against end to end encryption by governments worldwide, including our own. [01:13:18] The European Union is following in America's footsteps, again, only a few years behind this time. [01:13:27] Uh, but it's not a good thing. In this case, you might remember, if you have been following cybersecurity like I have, back in the Clinton administration, there was a very heavy push for something called the Clipper chip. And I think that whole Clipper chip. Actually started with the Bush administration and it was a bad, bad thing, uh, because what they were trying to do is force all businesses to use this encryption chip set that was developed and promoted by the National Security Agency. [01:14:04] And it's supposed to be an encryption device that is used to secure, uh, voice and data messages. And it had a built in. Back door that allowed federal, state, local law enforcement, anybody that had the key, the ability to decode any intercepted voice or data transmissions. It was introduced in 93 and was thank goodness. [01:14:32] Defunct by 1996. So it used something called Skipjack, man. I remember that a lot and it used it to transfer Diffie, excuse me, Diffie-Hellman key exchange. 
I've worked with that before. Crypto keys. It used, it used the, uh, DES algorithm, the Data Encryption Standard, which is still used today. And the Clinton administration argued that the Clipper chip was. [01:14:59] Absolutely essential for law enforcement to keep up with a constantly progressing technology in the United States. And a lot of people believe that using this would act as frankly, an additional way for terrorists to receive information and to break into encrypted information. And the Clinton administration argued that it, it would increase national security because terrorists would have to use it to communicate with outsiders, bank, suppliers, contacts, and the government could listen in on those calls. [01:15:33] Right. Aren't we supposed to in United States have have a right to be secure in our papers and other things, right? The, the federal government has no right to come into any of that stuff unless they get a court order. So they were saying, well, we would take this key. We'll make sure that it's in a, a lock box, just like Al Gore's Social Security money. [01:15:55] And no one would be able to get their hands on it, except anyone that wanted to, unless there was a court order and you know how this stuff goes, right. It, it just continues to progress. And. A lot worse. Well, there was a lot of backlash by it. The Electronic Privacy Information Center, Electronic Frontier Foundation both pushed back saying that it would not. [01:16:20] Only have the effect of, of not, excuse me, have the effect of, this is a quote, not only subjecting citizens to increased and possibly illegal government surveillance, but that the strength of the Clipper chip's encryption could not be evaluated by the public as its design. Was classified secret and that therefore individuals and businesses might be hobbled with an insecure communication system, which is absolutely true. 
[01:16:48] And the NSA went on to do some things like pollute random number generators and other things to make it so that it was almost impossible to have end-to-end encrypted data. So we were able to kill. Many years ago. Now what, about 30 years ago? Uh, when they introduced this thing? Well, it took a few years to get rid of it, but now the EU is out there saying they want to stop end-to-end encryption. [01:17:16] The United States has already said that, or the new director of Homeland Security has, and as well as Trump's, uh, again, Homeland Security people said we need to be able to break the. And, and we've talked about some of the stories, real world stories of things that have happened because of the encryption. [01:17:37] So the EU has now got a proposal forward that would force tech companies to scan private messages for child sexual abuse material called CSAM and evidence of grooming. Even when those messages are supposed to be protected by end to end encrypt. So we know how this goes, right? It, it starts at something that's, everybody can agree on, right? [01:18:05] This child sexual abuse material, uh, abductions of children, all, you know, there's still a lot of slavery going on in the world. All of that stuff needs to be stopped. And so we say, ye

    How Private is Crypto? What About WhatsApp and Signal?

    Jun 18, 2022 82:20

    How Private is Crypto? What About WhatsApp and Signal? Cryptocurrencies were thought to be like the gold standard of security, of having your information stay private. Maybe you don't want to use regular currency and transactions. It's all changed. [Automated transcript follows.] [00:00:14] We have had such volatility over the years when it comes to what are called cryptocurrencies. [00:00:21] Now I get a lot of questions about cryptocurrencies. First of all, let me say, I have never owned any cryptocurrencies and I do not own any crypto assets at all. Most people look at crypto currencies and think of a couple of things. First of all, an investment. An investment is something that you can use or sell, right? [00:00:42] Typically investments you don't really use. It's like a house. Is it an investment? Not so much. It's more of a liability, but people look at it and say listen, it went from what was a 10,000. Bitcoins to buy a pizza to, it went up to $50,000 per Bitcoin. There's a pretty big jump there. [00:01:03] And yeah, it was pretty big. And of course, it's gone way down and it's gone back up and it's gone down. It's gone back up. But the idea of any kind of currency is can you do anything with the currency? You can take a dollar bill and go and try and buy a cup of coffee. Okay. A $10 bill and buy a cup of coffee in most places anyways. [00:01:26] That sounds like a good idea. I could probably use a cup of coffee right now and get a tickle on my throat. I hate that. But if you have something like Bitcoin, where can you spend it? You might remember Elon Musk was saying, yeah, you can use Bitcoin to buy a Tesla. Also Wikipedia would accept donations. [00:01:45] Via Bitcoin, there were a number of places online that you could use. Bitcoin. In fact, there's a country right now in south central America that has Bitcoin as its currency. That's cool too. When you think about it, what is, so what are you gonna do? Latin American country? 
I'm trying to remember what it is. [00:02:05] Oh yeah. It's all Salvador. The first country in the world to adopt Bitcoin is an official legal tender. Now there's a number of reasons they're doing that and he can do it basically. If you got a dictator, you can do almost anything you want to. So in El Salvador, they've got apps that you can use and you can go and buy a tree taco using Bitcoin using their app. [00:02:31] So there you go. If you have Bitcoin, you can go to El Salvador and you can buy all of the tacos and other basic stuff you might wanna buy. But in general, No you can't just go and take any of these cryptocurrencies and use them anywhere. So what good are they as a currency? we already established that they haven't been good as an investment unless you're paying a lot of attention and you're every day buying and selling based on what the movement is. [00:02:59] I know a guy that does exactly that it's, he's a day trader basically in some of these cryptocurrencies, good for. But in reality, is that something that makes sense in a long term? Is that going to help him long term? I don't know. I really don't because again, there's no intrinsic value. [00:03:18] So some of the cryptocurrencies have decided let's have some sort of intrinsic value. And what they've done is they've created what are generally known as stable coins. And a stable coin is a type of cryptocurrency that behind it has the ability to be tied to something that's stable. So for instance, one that really hit the news recently is a stable coin that is tied to the us dollar. [00:03:46] And yet, even though it is tied to the us dollar and the coin is a dollar and the dollar is a coin. They managed to get down into the few pennies worth of value, kinda like penny. so what good was that, it has since come back up, some are tied to other types of assets. Some of them say we have gold behind us. [00:04:09] Kinda like what the United States used to do back when we were on the gold standard. 
And we became the petrol dollar where countries were using our currency are us dollars, no matter which country it was to buy and sell oil. Things have changed obviously. And we're not gonna talk about. The whole Petro dollar thing right now. [00:04:30] So forget about that. Second benefit. Third benefit is while it's crypto, which means it's encrypted, which means we're safe from anybody's spine on us, anybody stealing it. And of course that's been proven to be false too. We've seen the cryptocurrencies stolen by the billions of dollars. We've seen these cryptocurrencies lost by the billions of dollars as well. [00:04:58] That's pretty substantial. We get right down to it, lost by the billions because people had them in their crypto wallets, lost the password for the crypto wallet. And all of a sudden, now they are completely out of luck. Does that make sense to you? So the basic. Idea behind currency is to make it easier to use the currency than to say, I'll trade you a chicken for five pounds of nail. [00:05:25] Does that make sense to you? So you use a currency. So you say the chicken is worth five bucks. Actually chicken is nowadays is about $30. If it's a LA hen and those five pounds of nails are probably worth about $30. So we just exchanged dollars back and forth. I think that makes a lot of sense. One of the things that has driven up the value of cryptocurrencies, particularly Bitcoin has been criminal marketplaces. [00:05:53] As you look at some of the stats of ransoms that are occurring, where people's computers are taken over via ransomware, and then that person then pays a ransom. And what happens when they pay that ransom while they have to go find an exchange. Pay us dollars to buy cryptocurrency Bitcoin usually. And then they have the Bitcoin and they have to transfer to another wallet, whether or not the bad guys can use the money. [00:06:25] Is a, again, a separate discussion. 
They certainly can and they do because some of these countries like Russia are going ahead and just exchanging the cryptocurrencies for rubles, which again, makes sense if you're Russia. Now we have a lot of criminals that have been using the Bitcoin for ransoms. Businesses. [00:06:49] Publicly traded businesses have been buying Bitcoin by the tens of millions of dollars so that they have it as an asset. In case they get ransomed. Things have changed. There's a great article in NBC News, by Kevin Collier. And Kevin's talking about this California man who was scammed out of hundreds of thousands of dollars worth of cryptocurrency. [00:07:15] Now this was a fake romance scam, which is a fairly common one. It. It tends to target older people who are lonely and a romance starts online and they go ahead and talk and kind of fall in love. And it turns out she or he has this really almost terminal disease. If only they had an extra hundred thousand dollars to pay for the surgery. [00:07:45] You, you know the story, so he was conned out of the money. What's interesting to me is how the investigation and investigative ability has changed over the years. Probably about five years ago, I sat through a briefing by the Secret Service and. In that briefing, they explained how they had gone and very, quite cleverly tracked the money that was being sent to and used by this dark web operator who ran a site known as Silk Road. [00:08:22] And that site was selling illegal things online. Oh, and the currency that they were tracking was Bitcoin. Yes, indeed. So much for cryptocurrency being secure. Five years ago, the Secret Service was able to do it. The FBI was able to do it and they couldn't do a whole lot about it. But part of the problem is all of your transactions are a matter of public record. [00:08:52] So if someone sends you a fraction of a Bitcoin. That is now in a ledger and that ledger now can be used because when you then spend. 
Fraction of a Bitcoin somewhere else, it can be tracked. It is tracked is a hundred percent guaranteed to be tracked. And once it's tracked government can get in. [00:09:15] Now, in this case, a deputy district attorney in Santa Clara county, California, was able to track the movement of the cryptocurrency. Yeah. So this district attorney, okay. Deputy district attorney, not the FBI, not the secret service, not the national security agency, a local district attorney in Santa Clara county, California, not a particularly huge county, but. [00:09:44] She was able to track it. And she said that she thinks that the scammer lives in a country where they can't easily extradite them. And so they're unlikely to be arrested at any time soon. So that includes countries like Russia that do not extradite criminals to the United States. Now getting into the details. [00:10:03] There's a great quote from her in this NBC news article, our bread and butter these days really is tracing cryptocurrency and trying to seize it and trying to get there faster than the bad guys are moving it elsewhere, where we can't. Grab it. So she said the team tracked the victim's money as it bounced from one digital wallet to another, till it ended up at a major cryptocurrency exchange where it appeared the scammer was planning to launder the money or cash out, they sent a warrant to the exchange. [00:10:35] Froze the money and she plans to return it to the victim. That is a dramatic reversal from just a few years back when cryptocurrencies were seen as a boon for criminals. Amazing. Isn't it? Stick around. We get a lot more to talk about here and of course, sign up online Craig peterson.com and get my free newsletter. [00:11:01] There have been a lot of efforts by many companies, Microsoft, apple, Google, to try and get rid of passwords. How can you do that? What is a password and what are these new technologies? Apple thinks they have the answer. 
[00:11:17] Passwords have been the bane of existence for a long while. And if you'd like, I have a special report on passwords, where I talk about password managers, things you can do, things you should do in order to help keep your information safe online, things like. [00:11:34] Bank accounts, et cetera. Just email me, me@craigpeterson.com, and ask for the password special report and I'll get it to you. Believe me it's self-contained, it's not trying to get you to buy something. Nothing. It is entirely about passwords and what you can do. Again, just email me, me@craigpeterson.com and we'll get right back with you. [00:11:56] Give us a couple of days. Passwords are a problem. And over the years, the standards for passwords have changed. I remember way back when some of the passwords might be 2, 3, 4 characters long. And back then, those were hard to crack. Then Unix came along. I started using Unix and when was that? [00:12:16] Probably about 81. And as I was messing around with Unix, I. They used to had a couple of changes in how they did passwords. They added a salt to it. They used basically the same cipher that the Germans used in World War II, that Enigma cipher, which again was okay for the times. Today, we have much more powerful ciphers and the biggest concern right now, amongst real cybersecurity people. [00:12:43] Government agencies is okay. So what are we going to do when these new quantum computers come along with their artificial intelligence and other things, that's going to be a bit of a problem because quantum computers are able to solve problems in fractions of a second. Even that traditional computers cannot solve it. [00:13:10] It's a whole different thing. I want you to think. Something here. I, if you have a handful of spaghetti, now we're talking about hard spaghetti, not cooked spaghetti, and they all dried out and they are of varying lengths. 
How could you sort those into the smallest to largest, if you will, how could you find which ones were the longest, perhaps? [00:13:37] Which ones were the shortest? There's an analog way of doing that and there's a digital way of doing that. So the digital way for the computer would be. To measure them all and compare the measurements and then identify how long the longest one was. And then maybe you'd have to go back and try and find that. [00:13:55] So you can imagine that would take some time, the analog way of doing that. Cuz there still are analog computers out there and they do an amazing job in certain tasks, but the analog way of doing that is okay. So you take that bundle of various length spaghetti and you slam it on the table. What's gonna happen while those pieces of dried spaghetti are going to self align, right? [00:14:22] The shortest ones are going to be down at the bottom and the tallest one's gonna be sticking out from the top. So there you go. There's your tallest, your longest pieces of spaghetti, and it's done. Instantly. So that's just an idea here, quantum, computing's not the same thing, but that's a comparison really of digital and analog computers, but it's the same type of thing. [00:14:45] Some of these problems that would take thousands of years for digital computer. To work out, can just take a fraction of a second. It's absolutely amazing. So when we're looking at today's algorithms, today's programs for encrypting things like military information, secret telegrams, if you will going back and forth in inside the secretary of state embasies worldwide. [00:15:10] Today they're considered to be quite secure, but with quantum computing what's gonna happen. So there are a lot of people out there right now who are working on trying to figure out how can we come up with an algorithm that works today with our digital computers and can be easily solved by quantum computer. 
[00:15:34] We have a pretty good idea of how quantum computers are going to work in the future, how they work right now, but this really gets us to the next level, which is cool, frankly. That's a little bit here about cybersecurity. How about you and your password? How does this all tie in? [00:15:51] There are a few standards out there that people have been trying to pass is it's no longer the four character password you might remember. Oh, it needs to be eight to 10 characters, random mix of upper lowercase, special digits, character numbers. You remember those? And you should change it every 30 days. [00:16:09] And those recommendations changed about three or four years ago when the National Institute of Standards and Technology said, Hey guys, passphrases are much better than the, what we've been doing because people are gonna remember it and it can be longer. So if you are using, I have some passphrases I use that are 30 characters or more. [00:16:33] And I mix up the case and I mix in some special characters and some numbers, but it's a phrase that I can remember and I have different phrases for different websites. Cause I use a password manager. Right now, I have about 3,100 entries in my password manager. That's a lot. And I bet you have a lot more passwords or at least a lot more websites and accounts than you realize. [00:17:03] And so that gets to be a real problem. How do you make all of this work and make it easy for people? One of the ways that. They're looking at using is something called the FIDO Alliance's technique. And the idea behind FIDO is actually similar to what I do right now. Cause I use 1Password.com. [00:17:24] I have an app on my phone and the phone goes ahead and gives me the password. In fact, it'll. Put it in. I have plugins in my browsers. It'll put it right into the password form on the website. And then it'll ask me on my phone. Hey, is that really you? 
And I'll say yes, using Duo, and ta-da, I'm logged in. It's really quite cool. [00:17:48] FIDO is a little different than that, but the same. The whole idea behind FIDO is you register with a website and the website will send a request to the FIDO app. That's on your phone. So now on your phone, you'll use biometrics or maybe a one-time pass key, those six digit keys that change every 30 seconds. [00:18:13] And so now you on your phone, you say yeah. That's me. That's good. That's me. Yeah. Okay. And then the app will exchange with the website using public key cryptography. A public key and it's gonna be a unique public key for that website. So it'll generate a private key and a public key for that website. [00:18:35] And now, ta-da, the website does not have your password and cannot get your password. And anytime you log in, it's going to ask you on your smartphone. Is this. And there's ways beyond smartphones. And if you wanna find out more about passwords, I've got, again, that free, special report, just craigpeterson.com. [00:18:59] Email me, just email me@craigpeterson.com and I'll make sure we send that off to you and explains a lot about passwords and current technology. So FIDO is one way of doing this and a few different companies have gone ahead and have invested some. Into FIDO registration, because it requires changes on the websites as well in order to. [00:19:25] With FIDO. Now you might use a PIN, you might use the biometrics, et cetera, but Apple has decided they've come up with something even better. Now there's still a lot of questions about what Apple is doing, but they are rolling it into the next release of iOS and also of Mac operating system. And you'll be able to use that to secure. [00:19:48] Log into websites. I think Apple's gonna get a lot of traction on this and I think it's gonna be better for all of us involved here. We'll see. 
There's still a lot of UN unanswered questions, but I'll keep you up to date on this whole password technology stick around. [00:20:08] There are ways for us to communicate nowadays easy ways, but are the easy ways, the best ways, the question here, frankly. And part of this answer has to do with WhatsApp and we'll talk right now. [00:20:23] Many people have asked me about secure messaging. You probably know by now that sending text messages is not secure. [00:20:34] In fact, it could be illegal if you have any personal information about. Patients or maybe employees, you just can't send those over open channels. So what apple has done for instance is they've got their messaging app and if the message is green, it's just reminding you that this is a text message. Now they stuck with green because that was the industry's standard. [00:21:01] Green does not mean safe in the apple world when it comes to iMessage. Blue does. So they've got end to end encryption. So if the message is blue, that means the encryptions in place from side to side, there are on the other end of the spectrum. There are apps like telegram, which are not. Particularly safe. [00:21:22] Now, telegram has pulled up it socks a little bit here, but in order to have end to end encryption and telegram, you have to manually turn it on. It is not on by default. I also personally don't trust telegram because of their background, things that they've done in the past. Avoid that. [00:21:43] WhatsApp is something I've been asked about. I had a family member of a service member who was overseas, ask if WhatsApp was safe for them to communicate on cuz they didn't want third parties picking. Private messages, things you say and do online with friends and family are not necessarily things there are for public consumption. [00:22:06] So the answer that I gave was yeah, you might remember Facebook getting WhatsApp. They bought it and deciding they were going to make some changes to the privacy settings in. 
Now that was really a big mistake. They said we're gonna add advertisements. How are you going to effectively advertise? [00:22:27] If you don't know what we're talking about, have you noticed advertising platforms? If you look up something or someone else in your house looks up something, if your neighbors are looking up, they assume that you might be interested in it as well. So what do they do? They go ahead and show you ads for that brand new pair of socks that you never really cared about, but because the algorithms in the background figured yeah, that's what you've been talking about. [00:22:55] Let's pass out your pair of socks. So if Facebook is going to. Add into WhatsApp, what's going to happen. Are they going to be monitoring what you're saying? And then sending you some of these messages, right? These ads. Because of that, a lot of people started looking for a more secure. Platform and that's frankly, where Moxie Marlinspike comes in. A fun name, the bloom in this case, but he started a company called Signal. [00:23:30] He didn't just start it. He wrote the code for it, the server code, everything. And the whole idea behind Signal was to have a guaranteed safe end-to-end way to communicate. A third party with a friend, a relative, et cetera. So Signal is something that I've used in the past. And I use from time to time now, as well, depending on who I'm talking to. [00:23:56] And it does allow you to send messages. It does allow you to talk. You can do all kinds of stuff with it. So now there's an issue with Signal. It's disappointing. Moxie has stepped down from running Signal. There's a company behind it in January, 2022. And he said, the company's big enough. They can run themselves. [00:24:19] He's still on the board of directors. And the guy who's currently the head of Signal is also a very privacy focused guy, which is really good too. Signal, by the way, is free. 
And you can get it for pretty much any platform you would care to have it for a very nice piece of software. I like what they've done. [00:24:38] Now the problem is that some of those people at signal have decided that they should have a way of making payments inside signal. So a few months ago, they went ahead and added into signal, a piece of software that allows you to send. Payments online. Now this is a little concerning and the let's talk about some of the reasons for the concern. [00:25:09] Basically what we're seeing is a cryptocurrency that Moxi himself helped to put in place now, I guess that's good cuz he understands it. It's supposedly a cryptocurrency that is privacy. Focused. And that's a good thing. What type of crypto is it? That's privacy focused. And how good is it going to be? [00:25:34] Those are all good questions, but here's the biggest problem. I think that comes from this. We've got our friends at Facebook, again, trying to add crypto payments to their various messenger and other products. We're seeing that from a lot of these communication systems, cuz they can skim a little off the top legally, charge you a fee and then make their money that way. But. What happens when you put it into an encrypted messaging app? Bottom line, a lot of bad things can happen here because now all of a sudden you come under financial regulations, right? Because you are performing a financial. Function. So now potentially here, there could be criminal misuse of the app because you could have ransomware and they say, reach us on signal. [00:26:33] Here's our signal account. And go ahead and send us crypto. it's called mobile coin by the way, this particular cryptocurrency. So now all of a sudden you are opening up the possibility of all kinds of bad things happening and your app signal, which was originally great for messaging now being used nefariously. [00:26:57] I think that's a real problem. 
Now, when it comes to money transfer functions with cryptocurrencies, to say that they're anonymous, I think is a hundred percent a misnomer because it's really pseudo-anonymous. It's never completely anonymous. So now you've increased the legal attack surface here. So now the various regulators and countries around the world can say, Hey. [00:27:26] This is no longer just a messaging app. You are using it to send money. We wanna track all money transactions. And so what does that mean? That means now we need to be able to break the encryption or need to shut down your app, or you need to stop the ability to send money. So the concern right now with Signal is we really could have some legal problems with Signal. [00:27:53] And we could potentially cause some real life harm. On the other side of this is what Moxie Marlinspike has been really driving with Signal over the years, which is we don't want anyone to be able to break into Signal. So there's a particularly one Israeli-based company that sells tools that you can buy that allow you to break into smartphones. [00:28:20] And they're used by everybody from criminals. You can even buy some of these things on eBay. And they're used also by law enforcement agencies. So he found that there was a bug in one of the libraries that's used by this Israeli software. To where that causes it to crash. And so he put some code into Signal, at least he threatened to, that would cause any of the scanning software that tries to break into your smartphone to fail, to crash. [00:28:53] Yeah. Yeah. Cool. Craig Peterson here, online at craigpeterson.com and really you are not alone. [00:29:09] I got some good news about ransomware and some bad news about BEC, business email compromise. In fact, I got a call just this week from someone who had in fact again, had their operating account emptied. [00:29:27] Ransomware is a real problem, but it's interesting to watch it as it's evolved over the years. 
[00:29:36] We're now seeing crackdowns driving down ransomware profits. Yes, indeed. Ransomware's ROI is dropping, the return on investment. And so what we're starting to see is a drive towards more. Business email compromise attacks. So we'll talk about those, what those are. And I have a couple of clients now that became clients because of the business email compromises that happened to them. [00:30:10] A great article that was in this week's newsletter. You should have received it Tuesday morning from me. If you are signed up for the free newsletter. craigpeterson.com/subscribe. You'll get these usually Tuesday morning. It's my insider show notes. So you can get up to speed on some of the articles I'm talking about during the week that I talk about on the radio. [00:30:38] And of course talk about here on the radio show and podcast and everything else as well. So what we're seeing here, according to Dark Reading's editor, Becky Bracken, is some major changes, a pivot by the bad guys, because at the RSA Conference, they're saying that law enforcement crackdowns try cryptocurrency regulations. [00:31:05] We've been talking about that today and ransomware as a service operator. Downs are driving the return on investment for ransomware operations across the world all the way across the globe. So what is ransomware as a service? I think that's a good place to start because that has really been an albatross around our necks for a long time. [00:31:30] The idea with ransomware is they get you to download some software, run some software that you really should not be running. That makes sense to you. So you get this software on your computer, it exfiltrates files. So in other words, it takes files that you have, sends them. Off to the bad guys. And then once it's done that, so it'll send like any Word files it finds, Excel, other files. [00:32:00] It might find interesting. Once it's done that, then it goes ahead and encrypts those files. 
So you no longer have access to them and it doesn't just do them on your computer. If you share a drive, let's say you've got a Gdrive or something else on your computer that is being mounted from either another computer or maybe a server. [00:32:24] It will go ahead and do the same thing. With those files. And remember it, isn't just encrypting because if you have a good backup and by the way, most businesses that I've come into do not have a good backup, which is a real problem because their backups fail. They haven't run. I had one case where we helped the business out and it had been a year and a half since they had a successful backup and they had no. [00:32:52] They were dutifully carrying home. These USB drives every day, plug in a new one in, and the backups were not running. Absolutely amazing. So anyhow, ransomware is a service then. So they've encrypted your files. They've exfiltrated. In other words, they've taken your files and then they demand a ran. [00:33:14] So usually it's like this red screen that comes up and says, Hey all your files are belong to us and you need to contact us. So they have people who help you buy Bitcoin or whatever they're looking for. Usually it's Bitcoin and send the Bitcoin to them. And then they'll give you what's hopefully a decryption. [00:33:38] Now what's particularly interesting about these decryption keys is they work about half of the time. So in other words, about half of the time, you'll get all your data back about half the time. You will not, it's just not good. So if you are a small operator, if you are just a small, bad guy and it's you and maybe somebody else helping you, you got your nephew there helping you out. [00:34:03] How are you going to. Help these people that you're ransoming by the cryptocurrency. How are you going to threaten them with release of their documents online? Unless you have a staff of people to really help you out here? That's where ransomware's a service comes in. 
The whole idea behind RA is. [00:34:25] You can just be a one man shop. And all you have to do is get someone to open this file. So you go ahead and register with the ransomware service provider and they give you the software and you embed your little key in there, so they know it's you. And then you send it off in an email. You might try and mess with those people to get them to do something they shouldn't do. [00:34:49] And. That's all you have to do because once somebody opens up that file that you sent them, it's in the hand of these service guys and ransomwares the service guys. So the, these ransomwares of service people will do all of the tech support. They'll help people buy the Bitcoin. They'll help them pay the ransom. [00:35:11] They'll help them recover files, to a certain extent. Does this make sense to you? Yeah, it's kinda crazy. Now I wanna offer you, I've got this document about the new rules for backup and again, it's free. You can get it. No problem. Just go ahead and email me, me@craigpeterson.com m@craigpeterson.com because the backups are so important and. [00:35:38] Just like password rules have changed. The rules have changed for backups as well. So just drop me an email me@craigpeterson.com and ask for it and we'll make sure we send it off to you and is not trying to sell you more stuff. Okay. It's really is explaining the whole thing for you. I'm not holding anything back. [00:35:54] These ransoms, the service operators, then get the payment from you and then pay a percentage anywhere from 80% to 50%, sometimes even lower to the person who ransom due. Isn't that just wonderful. So our law enforcement people, as well as in other countries have been going after the ransomware as a service providers, because if they can shut down. [00:36:21] These RAs guys just shutting. One of them down can shut down thousands of small ransomware people. Isn't that cool works really well. So they have been shut down. 
Many of them. There's one that just popped its head back up again. After about six months, we'll see how far they get, but it is a very big. [00:36:46] Blow to the whole industry. Ransomware, really because of these O as a service operators, has become a centralized business. So there's a small number of operators responsible for the majority of these thousands of hundreds of thousands of attacks. Really. It's probably worse than. So a couple of big groups are left, the Conti group and LockBit, and they've got more than 50% of the share of ransomware attacks in the first half of 2022. [00:37:18] But now they're going after them. The feds. And I think that makes a whole lot of sense, because who do you go for? Well, you go for the people who are causing the most harm and that's certainly them. So I expect they'll be shut down sometime soon, too. Ransomware had its moment over the last couple of years, still a lot of ransomware out there, still a lot of problems, but now we're seeing BEC, business email compromise tactics, and I did a. [00:37:50] Television appearance, where I was working with the newsmaker or whatever they call them, talking heads on that TV show and explaining what was happening. And the most standard tactic right now is the gift card swindle. I should put together a little video on this one, but it was all, it's all about tricking employees into buying bogus gift cards. [00:38:18] So this good old fashioned grift is still working. And what happened in our case is it was actually one of the newscasters who got an email, supposedly from someone else saying, Hey we wanna celebrate everybody. And in order to do that, I wanna give 'em all gift cards. So can you go out and buy gift cards? [00:38:42] And so we messed around with them. It was really fun and said, okay what denomination, how many do you think we need? Who do you think we should give them to? And of course we knew what we were doing. Their English grammar was not very good. 
And it was really obvious that this was not [00:38:59] the person they were pretending to be. So that happens and it happens a lot. They got into a business email account, the email account of that newscaster. So they were able to go through their email, figure out who else was in the business, who was a trusted source inside of the business. So they could pretend that they were that newscaster and send emails to this trusted source. [00:39:31] And today these business email compromise attacks are aimed at the financial supply chain. And once these threat actors are inside, they look for opportunities to spoof vendor emails, to send payments to controlled accounts. And the worst case I know of this is a company that sent $45 million to a scammer. [00:39:57] And what happened here is this woman pretended to be the CEO who was out of the country at the time and got the CFO to wire the money to her. An interesting story. We'll have to tell it to you sometime, but it's a real problem. And we just had another one. We've had them in school districts. Look 'em up online, do a DuckDuckGo search for them and you'll find them right, [00:40:24] left and center, because social engineering works. And frankly, business email compromise is a clear threat to businesses everywhere. As I mentioned, we had one who listens to the show contact us just last week. Again, $40,000 taken out of the operating account. We had another one that had a, I think it was $120,000 taken out of the operating account. [00:40:53] And another one that had about $80,000 taken outta the operating account. Make sure you're on my newsletter, even the free one. I do weekly free trainings. CraigPeterson.com. Make sure you subscribe now. [00:41:10] Facebook's about 18 years old, coming on 20. Facebook has a lot of data. How much stuff have you given Facebook? Did you fall victim for that? Hey, upload your contacts. We'll find your friends. They don't know where your data is. 
[00:41:26] It's going to be a great time today because, man, this whole thing with Facebook has exploded here lately. [00:41:35] There is an article that had appeared online from our friends over at, I think it was, yeah. Let me see here. Yeah. Yeah. Motherboard. I was right. And Motherboard's reporting that Facebook doesn't know what it does with your data or where it goes. Now, there's always a lot of rumors about different companies, and particularly when they're a big company and the news headlines are grabbing your attention. [00:42:08] And certainly Facebook can be one of those companies. So where did Motherboard get this opinion about Facebook just being completely clueless about your personal data? It came from a leaked document. Yeah, exactly. So we find out a lot of stuff like that. I used to follow a website about companies that were going to go under and they posted internal memos. [00:42:38] It basically got sued out of existence, but there's no way that Facebook is gonna be able to sue this one out of existence, because they are describing this internally as a tsunami of privacy regulations all over the world. So of course, if you're older, we used to call those tidal waves, but think of what the implication there is of a tsunami coming in and just overwhelming everything. [00:43:08] So Facebook internally, their engineers are trying to figure out, okay, so how do we deal with people's personal data? It's not categorized in ways that regulators want to control it. Now there's a huge problem right there. You've got third party data. You've got first party data. You've got sensitive categories data. [00:43:31] They might know what religion you are, what your persuasions are in various different ways. There's a lot of things they might know about you. How are they all categorized? Now we've got the European Union with their General Data Protection Regulation. 
The GDPR we talked about when it came into effect back in 2018, and I've helped a few companies to comply with that. [00:43:56] That's not my specialty. My specialty is the cybersecurity side. But in article five, this European law mandates that personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. So what that means is that every piece of data, like where you are using Facebook or your religious orientation, can only be collected and used for a specific purpose and not reused for another purpose. [00:44:34] So there's an example here that Vice is giving. In the past, Facebook took the phone number that users provided to protect their accounts with two factor authentication and fed it to its people feature as well as advertisers. Yeah. Interesting. Eh, so Gizmodo, with the help of academic researchers, caught Facebook doing this, and eventually the company had to stop the practice. [00:45:01] Cuz this goes back to the earlier days where Facebook would say, hey, find out if your friends are on Facebook, upload your contacts right now. And most people, what did you know back then about trying to keep your data private, to try and stop the proliferation of information about you online? Nothing. [00:45:21] I think I probably even uploaded it back then, thinking that'd be nice to see if I got friends here. We can start chatting, et cetera. According to legal experts that were interviewed by Motherboard, who wrote this article and has a copy of the internal memo, this European regulation specifically prohibits that kind of repurposing of your phone number, of trying to put together the social graph, and the leaked document shows that Facebook may not even have the ability to limit [00:45:53] how it handles users' data. 
Now I was on a number of radio stations this week, talking about this, and the example I gave is just look at an average business from the time it starts. Facebook started how, right? Scraping pictures of young women off of Harvard University's main catalog, contact page, and then asking people, what do you think of this? Rate this person, rate that person, and off they go, trying to rate them. Yeah. All that matters to a woman, at least according to Mark Zuckerberg, or all that matters about a woman, is how she looks. Do I think she's pretty or not? Ridiculous what he was doing. [00:46:35] It just, oh, that's Zuckerberg, right? That's who he is, not a great guy anyways. So you go from stealing pictures of young ladies, asking people to rate them, putting together some class information and stuff there at Harvard, and then moving on to other universities and then opening up even wider and wider. [00:47:00] And of course, that also created demand, cuz you can't get on if you're not at one of the universities that we have set it up for. And then you continue to grow. You're adding these universities, certain you're starting to collect data and you're making more money than God. So what do you do? You don't have to worry about inefficiencies. [00:47:20] I'll tell you that. One thing you don't have to do is worry about, oh, gee, we've got a lot of redundant work going on here. We've got a lot of teams working on basically the same thing. No, you've got more money than you can possibly shake a stick at. So now you go ahead and send that money to this group or that group. [00:47:41] And they put together all of the basic information that they want. They are pulling it out of this database and that database, and they're doing some correlation, writing some really cool SQL queries with some incredible joins and everything else. And now that becomes part of the main code for Facebook. 
[00:48:02] And then Facebook goes on to the next little project and they do the same thing. Then the next project, then the next project. And then someone comes along and says, hey, we. This feature, that feature for advertisers, and then in that goes, and then along comes candidate Obama. And one of the groups inside Facebook says, yeah, here we go. [00:48:25] Here's all of the information we have about everybody and it's free. Don't worry about it. And then when Trump actually bought it and hired a company to try and process some of that information, he got in trouble. No, but the Obama, the whole campaign could get access to anything they wanted to, again, because the data wasn't controlled. They had no idea who was doing what with the data. [00:48:50] And according to this internal memo, they still don't know. They don't even know if they can possibly comply with these regulations, not just in Europe, but we have regulations in pretty much all of the 50 states in the US. Canada, of course, has their own, Australia, New Zealand. Think about all the places [00:49:12] Facebook makes a lot of money. So here's a quote from that: we build systems with open borders. The result of these open systems and open culture is well described with an analogy. Imagine you hold a bottle of ink in your hand. The bottle of ink is a mixture of all kinds of user data. You pour that ink into a lake of water. [00:49:34] Okay. And it flows everywhere, the document read. So how do you put that ink back in the bottle, in the right bottle? How do you organize it again, so that it only flows to the allowed places in the lake? They're totally right about that. Where did they collect it from? Apparently they don't even know where they got some of this information, [00:49:58] this data, from. Reminds me of the no fly list. You don't know you're on it and you can't get yourself off of it. It is crazy. So this document that we're talking about was written last year by 
Privacy engineers on the ad and business product team, whose mission is to make meaningful connections between people and businesses and which, quote, sits at the center of a monetization strategy [00:50:22] and is the engine that powers Facebook's growth. Interesting problems. And I see this being a problem well into the future for more and more of these companies. Look at Twitter as an example that we've all heard about a lot lately, and I've talked about as well. Along comes Elon Musk and he says, wait a minute now. [00:50:41] Now I can make Twitter way more profitable. We're gonna get rid of however many people, it's well over a thousand, and then we are going to hire more people. We're gonna start charging. We're gonna be more efficient. You can bet all of these redundancies that are in Facebook are also there on Twitter. And Twitter also has to comply with all of these regulations that Facebook is freaking out about [01:51:09] it, for really a very good reason. So this document is available to anybody who wants to look at it. I'm looking at it right now, talking about regulatory landscape and the fundamental problems, Facebook's data lake. And this is a problem that most companies have, not as bad as Facebook does, but most companies, you grow. I have yet to walk into a business that needs help with cybersecurity and find everything in place as it should be, because it grew organically. You started out with a little consumer firewall, router and wifi, and then you added to it and you put a switch here and you added another switch behind that and moved things around. [00:51:54] This is normal. This is not total incompetence on the part of the management, but my gosh, I don't know. Maybe they need an Elon Musk, just straighten them out as well. Hey, stick around. I'll be right back, and sign up online at CraigPeterson.com. [00:52:13] Apparently looting is one of the benefits of being a Russian soldier. 
And according to the reports coming out of Ukraine, they've been doing it a lot, but there's a tech angle on here that is really turning the tables on these Russian looters. [00:52:30] This is really something. We know in wars, there are people that loot, and typically the various militaries try and make sure, at least recently, that looting is kept to an absolute minimum. [00:52:45] Certainly the Americans, the British, even the Nazis during World War II, the socialists there in Germany, they tried to stop some of the looting that was going on. I think that's probably a very good thing, because what you end up with is just all of these locals that are just totally upset with you. [00:53:10] I found a great article on The Guardian and there's a village that had been occupied for about a month by Russian troops, and the people came back, they are just shocked to see what happened. They're giving a few examples of different towns. They found that alcohol was stolen and they left empty bottles behind, food wrappers, cigarette butts, thrown all over the place in apartments and homes. [00:53:39] Piles of feces blocking the toilets, family photographs torn, thrown around the house. They took away all of the clothes. This is a quote from one of the people: literally everything, male and female coats, boots, shirts, jackets, even my dresses and lingerie. This is really something. The Soviets didn't do this, but now Russian [00:54:02] military apparently does. So over the past couple of weeks, there's been reporting from numerous places where Russian troops had occupied Ukrainian territory, and The Guardian, which is this UK newspaper, collected evidence that suggests looting by Russian forces was not merely a case of a few wayward soldiers, but a systematic part of Russian military behavior across multiple towns [00:54:29] and villages. That's absolutely amazing. 
Another quote here: people saw the Russian soldiers loading everything onto Euro trucks, everything they could get their hands on. A dozen houses on the village's main street had been looted, as well as the shops. Other villagers reported losing washing machines, food, laptops, even a sofa, air conditioners [00:54:53] being shipped back, just like you might use UPS here, they have their equivalent over there. A lady here who was the head teacher in the school, she came back in, of course, found her home looted, and in the head teacher's office she found an open pair of scissors that had been jammed into a plasma screen that was left behind, because if they can't steal it, they're gonna destroy it. [00:55:19] They don't only leave anything behind. They found the Russians had taken most of the computers, the projectors and other electronic equipment. It's incredible. So let's talk about the turnaround here a little. You might have heard stories about some of these bad guys that have smashed and grabbed their way into Apple stores. [00:55:38] So they get into the Apple store. They grab laptops and iPads, no longer iPods, cuz they don't make those anymore, and iPhones. And they take them and they run with them. Nowadays there's not a whole lot of use for those. Now what they have been doing, some of these bad guys, is they take some parts and use them in stolen equipment. [00:56:03] They sell them on the used market, et cetera. But when you're talking about something specific, like an iPhone that needs specific activation, a completely different problem arises for these guys, because that iPhone needs to have a SIM card in order to get onto the cell network. And it also has built-in serial numbers. [00:56:26] So what happens in those cases? Well, Apple goes ahead and disables them. So as soon as they connect to the internet, let's say they put 'em on wifi. They don't get a SIM card. They don't get service from T-Mobile or Verizon or whoever it might be. 
So now they connect to the wifi and it calls home, cuz it's gonna get updates. [00:56:45] So on, download stuff from the App Store, and they find that it's been bricked. Now you can do that with a lot of mobile device managers that are available for all kinds of equipment nowadays, but certainly Apple equipment, where if a phone is lost or stolen, or a laptop or other pieces of equipment, you can get on the MDM and disable it, have it remotely erased, et cetera. [00:57:11] Now, police have had some interesting problems with that, because a bad guy might go ahead and erase a smartphone that's in the evidence locker at the police station. So they're doing things like putting them into Faraday cages or static bags or other things to try and stop that. So I think we've established here that the higher tech equipment is pretty well protected. [00:57:36] You steal it, it's not gonna do you much good. So one of the things the Russians stole when they were in, it's called, I think you pronounce it, Melitopol, which is again a Ukrainian city, is they stole all of the equipment from a farm equipment dealership and shipped it to Chechnya. Now that's according to a source in a businessman in the area that CNN is reporting on. [00:58:06] So they shipped this equipment. We're talking about combine harvesters worth 300 grand apiece. They shipped it 700 miles, and the thieves were ultimately unable to use the equipment, cuz it had been locked remotely. So think about agriculture equipment that John Deere, in this case, these pieces of equipment, they drive themselves. [00:58:33] It's autonomous. It goes up and down the fields. Goes any pattern that you want to. It'll bring itself within a foot or an inch of your boundaries, of your property, being very efficient the whole time, whether it's planting or harvesting, et cetera. And that's just a phenomenal thing because it saves so much time for the farmer, makes it easier to do. The companies like John Deere 
[00:58:58] want to sell as many pieces of this equipment as they possibly can. And farming is known to be a, what, not terribly profitable business. It certainly isn't like Facebook. So how can they get this expensive equipment into the hands of a lot of farmers? What they do is they lease it. So you can lease the equipment through a leasing company or maybe directly from the manufacturer, and now you're off and running. [00:59:26] But what happens if the lease isn't paid? Now, it's one thing if you don't pay your lease on a $2,000 laptop, right? They're probably not gonna come hunting for you, but when you're talking about a $300,000 harvester, they're more interested. So the leasing company has title to the equipment and the leasing company can shut it off remotely. [00:59:51] You see where I'm going with this? So that they can get their equipment in the hands of more farmers, cuz the farmers can lease it. It costs them less. They don't have to have a big cash payment. You see how this all works. So when the Russian forces stole this equipment, that's valued, total value here is about $5 million. [01:00:11] They were able to shut it all. And obviously, if you can't start the engine, because it's all shut off and it's all run by computers nowadays, and there's pros and cons to that. I think there's a lot of cons, but what are you gonna do? How's that gonna work for you? It isn't going to work for you. [01:00:32] And they were able to track it. It had GPS trackers, find out exactly where it was. That's how they know it was taken to Chechnya, and could be controlled remotely. And in this case, how'd they control it? They completely shut it off. Even if they sell the harvesters for spare parts, they'll earn some money, but they sure can't be able to sell 'em for the 300 grand that they were actually worth. [01:00:57] Hey, stick around. We'll be right back, and visit me online at CraigPeterson.com. If you sign up there, you'll be able to get my insider show notes. 
And every week I have a quick five. Training right there in your emails, CraigPeterson.com. That's S O N in case you're wondering. [01:01:22] If you've been worried about ransomware, you are right to worry. It's up. It's costly. And we're gonna talk about that right now. What are the stats? What can you do? What happens if you do get hacked? Interesting world. [01:01:38] Ransomware has been a very long running problem. I remember a client of ours, a car dealership who we had gone in. [01:01:49] We had improved all of their systems and their security, and one of their people, who was actually a senior manager, ended up downloading a piece of ransomware, one of these encrypted ones, and opened it up and his machine, all of a sudden, ta-da, guess what, it had ransomware on it. One of those big red [01:02:12] screens that say pay up, send us this much Bitcoin. And here's our address. All of that sort of stuff. And he called us up and said, what's going on here? What happened? First of all, don't bring your own machine into the office. Secondly, don't open up particularly encrypted files using the password that they gave, [01:02:33] and thirdly, we stopped it automatically. It did not spread. We were able to completely restore his computer. Now let's consider here the consequences of what happened. So he obviously was scared. And within a matter of a couple of hours, we actually had him back to where he was and it didn't spread. [01:02:59] So the consequences there, they weren't that bad. But how about if it had gotten worse? How about if the ransomware also, before it started holding his computer ransom, went out and found all of the data about their customers? Do you think an auto dealership would love to hear that all of their customer data was stolen and released, all of the personal data of all of their customers? [01:03:25] Obviously not. So there's a potential cost there. And then how long do you think it would take a normal company 
that thinks they have backups to get back online? I can tell you it'll take quite a while, because the biggest problem is most backups don't work. We have yet to go into a business that was actually doing backups that would work to help restore them. [01:03:52] And if you're interested, I can send you, I've got something I wrote up. Be glad to email it back to you. Obviously, as usual, no charge. And you'll be able to go into that and figure out what you should do. Cause I break it down into the different types of backups and why you might want to use them or why you might not want to use them, but ransomware [01:04:15] is a kind of a pernicious nasty little thing, particularly nowadays, because it's two-factor. First is they've encrypted your data. You can't get to it. And then the second side of that is, okay, I can't get to my data and now they're threatening to hold my data ransom or they'll release it. So they'll put it out there. [01:04:38] And of course, if you're in a regulated industry, which actually car dealers are because they deal with financial transactions, leases, loans, that sort of thing, you can lose your license for your business. You can lose your ability to go ahead and frankly make loans and work with financial companies and financial instruments. [01:05:00] It could be a very big deal. So there are a lot of potential things that can happen, all the way from losing your reputation as a business or an individual to losing all of the money in your operating account. And again, we've got a client that we picked up afterwards that, yes, indeed, they lost all of the money in their operating account. [01:05:24] And then how do you make payroll? How do you do things? There's a new study that came out from Check Point. Check Point is one of the original firewall companies and they had a look at ransomware. What are the costs of ransomware? Now bottom line, I'm looking at some stats here on a couple of different sites. 
[01:05:44] One is, by the way, Conti, which is a big ransomware gang that also got hacked after they said we are going to attack anyone that doesn't defend Vlad's invasion of Ukraine, and then they got hacked and their information was released. But here's ransomware statistics. This is from Cloudwards. First of all, the largest ransom demand is $50 million. [01:06:11] And that was in 2021, to Acer, big computer company. Now 37% of businesses were hit by ransomware in 2021. This is amazing. They're expecting by 2031, so in about a decade, ransomware is gonna be costing about $265 billion a year. Now on average ransomware costs businesses 1.85 million to recover from an attack. [01:06:41] Now that's obviously not a one or two person place, but think of the car dealer again. How much money are they going to make over the year or over the life of the business? If you're a car dealer, you have a to print money, right? You're selling car model or cars from manufacturer X. And now you have the right to do that and they can remove that. [01:07:03] How many tens, hundreds of millions of dollars might that end up costing you? Yeah. Big deal. Total cost of ransomware last year, 20 billion. Now these are the interesting statistics here right now. So pay closer attention to this: 32% of ransomware victims paid a ransom demand. So about a third paid ransom demand. [01:07:27] Last. It's actually down. Cuz my recollection is it used to be about 50% would pay a ransom. Now on average that one third of victims that paid a ransom only recovered 65% of their data. Now that differs from a number I've been using from the FBI. That's a little bit older, that was saying it's little better than 50%, but 65% of paying victims recovered their data. [01:07:55] Now isn't that absolutely amazing? Now 57% of companies are able to recover the data using a cloud backup. 
Now think about the different types of backup. Cloud backup is something that can work pretty well if you're a home user, but how long did it take for your system to get backed up? Probably took weeks, right? [01:08:19] For a regular computer over a regular internet line. Now restoring from backup's gonna be faster because your downlink is usually faster than your uplink. That's not true for businesses that have real internet service. Ours, it's the same bandwidth up as it is down. But it can take, again, days or weeks to try and recover your machine. [01:08:39] So it's very expensive. And I wish I had more time to go into this, but looking at the costs here and the fact that insurance companies are no longer paying out for a lot of these ransomware attacks, it could be incredibly expensive for you. Incredibly. So here you. The number one business types by industry for ransomware attacks: retail. [01:09:13] That makes sense, doesn't it? Real estate. Electrical contractors, law firms and wholesale building materials. Isn't that interesting? And that's probably because none of these people are really aware, conscious of doing what, of keeping their data secure, of having a good IT team, a good IT department. So there's your bottom line. [01:09:40] Those are the guys that are getting hit the most. The numbers are increasing dramatically and your costs are not just in the money you might pay as a ransom. And as it turns out, in pretty much every case, prevention is less expensive and much better than the cure of trying to pay ransom or trying to restore from backups. [01:10:06] Hey, you're listening to Craig Peterson. You can get my weekly show notes by just going to CraigPeterson.com. And I'll also send you my special report on how to do passwords. Stick around, we'll be right back. [01:10:24] You and I have talked about passwords before, the way to generate them and how important they are. 
And we'll go over that again a little bit in just a second, but there is a new standard out there that will eliminate the need for passwords. [01:10:40] I remember, I think the only system I've ever really used that did not require passwords was the IBM 360. [01:10:49] Yeah, 360, you punch up the cards, all of the JCL, you feed the card deck in and off it goes. And does this little thing. That was a different day, a different era. When I started in college, in university, we had remote systems, timeshare systems that we could log into. And there weren't much in the line of password requirements in, but you had a username. [01:11:18] You had a simple password. And I remember one of our instructors, his name was Robert Andrew Lang. And his password was always some sort of a combination of RA Lang. So it was always easy to guess what his password was. Today, it has gotten a lot worse. Today we have devices with us all of the time. [01:11:40] You might be wearing a smart watch that requires a password. You of course probably have a smart phone. That's also maybe requiring a password, certainly after boot. Nowadays they use fingerprints or facial recognition, which is handy, but has its own drawbacks. But how about the websites you're going to, the systems you're using when you're at work and logging in? They all require passwords [01:12:10] and usernames of some sort or another. Well, Apple, Google, and Microsoft have all committed to expanding their support for a standard that's actually been out there for a few years. It's called the FIDO standard. And the idea behind this is that you don't have to have a password in order to log in. Now that's really an interesting thing, right? [01:12:37] Just looking at it, because we're so used to having this password-only authentication. And of course the thing to do there is make sure you have for your password multiple words in the password. It should really be a passphrase. 
And between the words put in special characters or numbers, maybe mix [01:12:59] upper and lowercase a little bit in those words. Those are the best passwords, 20 characters, 30 characters long. And then if you have to have a PIN, I typically use a 12 digit PIN. And how do I remember all of these? Cuz I use a completely different password for every website and right now, let me pull it up. [01:13:21] I'm using 1Password.com's password manager. And my main password for that is about 25 characters long. And I have thirty one hundred and thirty five entries here in my password manager, 3,100. That is a whole lot of passwords, right? As well as software licenses and a few other things in there. [01:13:48] That's how we remember them, is using a password manager. 1Password.com is my favorite. Now, obviously I don't make any money by referring you there. I really do like that. Some others that I've liked in the past include LastPass, but they really messed with some of their cybersecurity last year and I lost my faith in it. [01:14:08] So now what they're trying to do is make these websites that we go to, as well as some apps, to have a consistent, secure, and passwordless sign-in, and they're gonna make it available to consumers across all kinds of devices and platforms. That's why you've got Apple, Google, and Microsoft all committing to it. [01:14:32] And you can bet everybody else is going to follow along because there's hundreds of other companies that have decided they're gonna work with the FIDO Alliance and they're gonna create this passwordless future. Which, I like this idea. So how does this work? Basically you need to have a smartphone. [01:14:50] This is, I'm just gonna go with the most standard way that this is going to work here in the future. And you can then have a passkey. This is like a multifactor authentication or two factor authentication. 
So for instance, right now, when I sign into a website online, I'm giving a username, I'm giving a password and then it comes up and it asks me for a code. [01:15:14] So I enter a six digit code and that code changes every 30 seconds. And again, I use my password manager from 1Password.com in order to generate that code. So that's how I log into Microsoft sites and Google sites and all kinds of sites out there. So it's a similar thing here. Now for the sites for my company, because we do cyber security for businesses, including regulated businesses, [01:15:41] we have biometrics tied in as well. So to log into our systems, I have to have a username. I have to have a password. I then am sent to a single sign-on page where I have to have a message sent to my smart device. That then has a special app that uses biometrics, either a face ID or a fingerprint, to verify who I am. [01:16:06] Yeah, there's a lot there, but I have to protect my customers' data. Something that very few, it's crazy, actual managed security services providers do, but it's important, right? By the way, if you want my password special report, just go to CraigPeterson.com. Sign up for my email list. [01:16:29] I'll send that to you. That's what we're sending out right now for anyone who signs up new at CraigPeterson.com. And if you'd like a copy of it and you're already on the list, just go ahead and email me, me@craigpeterson.com, and ask for the password special report where I go through a

    Using Punchlists to Stop Ransomware

    Play Episode Listen Later May 28, 2022 82:36

    Using Punchlists to Stop Ransomware I really appreciate all of the emails I get from you guys. And it is driving me to do something I've never done before now. I've always provided all kinds of free information. If you're on my email list, you get great stuff. But now we're talking about cyber punch lists.  [Automated transcript follows] [00:00:16] Of course, there are a number of stories here that they'll come out in the newsletter or they did, excuse me, go in the newsletters should have got on Tuesday morning. [00:00:26] And that's my insider show notes, which is all of the information that I put together for my radio appearances radio shows. And. Also, of course, I sent it off to the hosts that these various radio stations. So they know what taught because, oh, who really tracks technology, not too many people. And I get a little off-put by some of these other radio hosts, they call themselves tech people, and they're actually marketing people, but. [00:00:57] That's me. And that's why, if you are on my list, you've probably noticed I'm not hammering you trying to sell you stuff all the time. It's good. Valuable content. And I'm starting something brand new. Never done this before, but this is for you guys. Okay. You know that I do cybersecurity. As a business and I've been doing it now for more than three decades. [00:01:22] I dunno if I should admit that right there. Say never say more than 17 years. Okay. So I've been doing it for more than 17 years and I've been on the internet now for. Oh, 40 years now. Okay. Back before it was even called the internet, I helped to develop the silly thing. So over the years, we've come up with a number of different strategies. [00:01:43] We have these things that are called plan of action and milestones, and we have all kinds of other lists of things that we do and that need to be done. So what we're doing right now is we're setting up. So that you can just email me M e@craigpeterson.com. 
And I will go ahead and send you one of these punch lists. [00:02:09] Now the punch lists are around one specific topic. We've got these massive. Punch lists with hundreds and hundreds of things on them. And those are what we use when we go in to help clean up the cybersecurity and accompany. So we'll go in, we'll do scans. We will do red team blue team, or we're attacking. [00:02:30] We do all kinds of different types of scans using different software, trying to break in. We use the same tools that the hackers use in order to see if we can. Into your systems and if the systems are properly secured, so we do all of this stuff and then it goes into all of the paperwork that needs to be done to comply with whatever might be, it might be, they accept payment cards. It might be that they have. But information, which is healthcare information. And it might be also that they're a government contractor. So there are hundreds and hundreds of things that they have to comply with. Most of them are procedural. So we have all of this stuff. [00:03:13] We do all of this stuff. And I was talking with my wife here this last week about it and said, yes, That's so much of this could be used by small companies that can't afford to hire my team to come in and clean things up. And I don't want them to suffer. So here's what we're doing. We're starting this next week. [00:03:36] We have a punch list for you on email. So what are the things you can do should do for email? Just very narrow on email so that you can recognize a Fisher. Email, what you might want to do to lock down your outlook, if you're on windows or your Mac mail. So we're taking these massive spreadsheets that we have and we're breaking them up. [00:04:03] So the first one that's available to you guys, absolutely. A hundred percent free. Is the one on email. So just send me an email. Me M e@craigpeterson.com. Now, remember I am, my business is a business to business, but almost everything in these various. 
Punch lists applies to individuals as well. [00:04:27] So I got an email this last week from a guy saying, Hey, I'm 80 years old and retired and I don't know much about computers. And that's what got us thinking about. No, we need to be able to help him. We need to be able to help you out. Okay. And if you're a small business and we've dealt with a lot of them over the years, and as a small business, you just don't have the funds to bring in an expert, whether it's me or somebody else, although yeah. [00:04:56] You want the best anyways. It it is going to allow you to do it yourself. Okay. So absolutely free. All of these punch lists on all of these topics. We're probably going to end up with more than a hundred of these punch lists. And all you do is email me M e@craigpeterson.com. Just let me know in there what you're interested in. [00:05:19] So even if we haven't got that punch list broken down for you yet, we will go ahead and put that on the. To do right. We need the priorities. What kind of a priority should we have as we're putting these things together for free for people. And the only way we know is if you ask, so the first one's on email, you can certainly ask for email. [00:05:39] We've got, as I said, more than a hundred others, that we think we're going to be able to pull out of the exact. Plan of action worksheets that we use so that you can go through this yourself, whether you're a home user or you are a small business or even a big business, we were talking with a gentleman who's probably listening right now, who has a business. [00:06:06] They have three offices, they have some requirement because of the military contracts for high level. Cybersecurity. And they would work for him too. All right. So they, this is all of the punch list stuff. He probably know what a punch list is. It's used in the construction industry a lot, but in our case, it's indeed to do this. [00:06:27] You need to do this, you need to do this. Okay. 
So that's what that's all about. So enough rambling on that. It's going to take us some time to get them all together. I'm also. And then her do more video stuff again, training. So just like on the radio show where we're talking about what's in the news, we're going to talk about watch what's in the news. [00:06:49] When it comes to small businesses, what you should be paying attention to with of course, an emphasis on cyber security and. Putting those up on my website@craigpeterson.com. In fact, we've already got some up there already, and then we are going to also be putting them on YouTube and rumble. So if you don't like YouTube and Google, then you can certainly go to rumble. [00:07:14] You'll see them there. But if you're on the email list, Starting to put links in the bottom of the emails. So you can go and watch those videos. If you're a video type person that you know, more visual. So it's, I think all good. And it's good news for everybody. And this is what happens, I think, as you get more mature, In the business. [00:07:36] As I said, I've been on the internet for more than 40 years, helped develop some of that software that some of it's still in use today and now it's time to do more give back. And I really am trying to give back, okay, there's this isn't. This isn't a joke. No joke. So go ahead. Email me at Craig Peterson. [00:07:57] Tell me which punch list that you would like. And I can also put you on my email list so that you get my insider show notes, and you can just do that yourself by going to Craig Peterson. Calm. You'll see right up at the top of the page. If you scroll down a little bit, it'll pop up. It's a big red bar that goes across the top. [00:08:17] I try not to be too intrusive and you can sign up there for the newsletter. So you'll get some of these trainings automatically. You'll get my insider show notes, all of this stuff. It's absolutely free. Okay. This is my give back to help you out. It really is. Okay. 
As I mentioned at the very beginning. [00:08:37] Peeve by some of these people that represent themselves as tech experts. And in fact, all they are marketers. We've got a client that decided that I was too expensive. My team. So they went out and shopped around, tried to find the cheapest company they could. And so now the company that they're bringing in is saying, you're saying Hey so how does this work? [00:08:59] How do you do zero trust? Why do you have a firewall here? Why do you bother to have a direct fiber link between the offices? All this stuff? Because they need it. Okay. I get it. You use. Barracuda spam firewalls and Barracuda firewall holes it, yeah, this is a different league. Okay. So you're going to be getting these punch lists from me that are really going to help you understand and secure your systems. [00:09:29] This isn't your average run of the mill, managed security services provider or managed services or break fix shop. You're getting it from the guy that the FBI. InfraGuard program went to, to do their trainings. That was me. Okay. So for two years I set up the program. I ran it. And if we ever sitting down and having a coffee or a beer, sometimes I'll tell you why I left. [00:09:53] Okay. But think about FBI and I think you might have a clue as to why I decided not to do that anymore. I trained thousands of businesses, government agencies, state local. Federal, you name it. So you're getting what you really need, which is another problem. I keep hearing from people, you do a search for something on YouTube or Google and you get what a million, 5 million pages, as supposedly that it says are available and they give you, okay, then here's the top one. But what you need is an integrated, single. To do things where everything works together. And that's what I'm trying to do for you guys, because there's so many little products, different products that just don't work so well together. 
[00:10:46] So we'll be covering that as well in these, but you gotta be on that email list. Craig peterson.com. Craig Peterson, S O n.com/subscribe. We'll take you right to the subscription page and I'll keep you up to date. This is not my paid newsletter. All right, stick around. We'll be right back. And I promise I'll get to Russia. [00:11:12] Some of the high-tech companies and others pulled out of Russia after the Ukraine invasion, but one stayed Google. What is going on with Google? And now they're in big trouble with the Russian government. Wow  [00:11:28] here's the list of companies according to seeing that, that have. Out of Russia because you remember Russia invaded !Ukraine, February 24, we had Adobe, these are the guys that make Photoshop, Adobe reader. Airbnb has an interesting story too in Ukraine because a number of quite a number of Airbnb customers went ahead and rented rooms and homes from Ukrainians, even though they had no intention of going and they told the Ukrainians, Hey. [00:11:59] The I'm not going to show up, just take this money. I'm sure you need it. Can you imagine that? But that's fantastic. Good for them, Amazon. They suspended shipments of all retail products at customers in Russia and Bella ruse and also suspended prime video for users. Apple stopped selling its product in rushes. [00:12:21] It's halting online transactions, including limiting apple pay. It's also disabled. Some apple map features in Ukraine in order to protect civilians, Amazon web services. They don't have data centers or offices in Russia, but it stopped allowing new signups for the service in Russia. BMW for GM, huh? I have all scaled back their operations or stopped them. [00:12:49] Ford suspended its operations in Russia effective immediately until further notice. GM is suspending business in Russia. Honda has a suspended exports to Russia, Disney halted, all theatrical releases in Russia, including the new Pixar film, turning red, also pause content DJI. 
The drone company that has gotten in trouble here in the U S for some of its practices of sending GPS information to China while they're not doing it over there. [00:13:20] Electronic arts. They make a bunch of very popular games, epic games, and other one Erickson, FIFA body band Russia from this year's world cup formula one canceled its plan planned Russian grump, pre Fujitsu, Goldman Sachs. Now Google that's where I want to go. We'll stop at Google here for a minute. [00:13:44] Google. Suspended their ad network in Russia. And the idea was okay. We're not sure how payments are going to work because Russia of course has had this kind of this lockdown by foreign countries on their banking system. We're not sure we can get the money out. That's what they're apparently doing now. [00:14:08] They're still there. Google's YouTube it search engine on and on still running in Russia. Now that is really disturbing. If you ask me, why did they not pull out? It doesn't make sense. So Google did stop accepting new customers for Google cloud in March. YouTube said is removing videos at denier trivial trivialize, the Russian invasion, but what finally got. [00:14:42] Out of Russia, Russia seized their bank accounts. They froze them. They transferred their money out of the main bank account in Russia. We're talking about a $2 billion per year business, Google Russia, that really upsets me. So I did a little more research online about all of this, and I was really surprised to see that you crane now has given the Ukraine peace prize to Google. [00:15:12] And it says, quote, on the behalf of Ukrainian people with gratitude for the support during this pivotal moment in our nation's history. So what is it? I'm not sure. So they're one of their foreign ministers, and Karen. I think I said, thank you. From the beginning of the war, Google has sought to help power. [00:15:35] However we can through humanitarian support of our tools, we'll continue to do as long as needed. 
So I dug in a little more and tried to figure out what's up. Russia or Google left its Russian search engine online and YouTube online and was using it in Russia in order to. Control the narrative in Russia. [00:15:59] Now, unlike what they've done here in the U S where Google hasn't been caught, many times controlling the narrative in various elections and taking certain ads and not taking others and taking certain business and not taking others, apparently in Russia, it has been. Blocking a lot of the stuff that Russia itself has been putting out. [00:16:23] So the federal government there in Russia. Interesting. Hey, so they also have helped you crane out by providing them with mapping GPS and rumor has it satellite services. Yeah, interest in it to track Russian troop movements. All also Ukraine saying the Google news component has also been tremendously valuable. [00:16:51] Google's also helping to raise money for the cause of Ukraine. Like many companies are doing right now to help people displace due to the war and Poland. Wow. They've been doing yeoman's work and bringing. People in, by the millions, into Poland from Ukraine or reminds me when I lived in Calgary, Alberta, my Cub, one of the Cub masters Cub troop leaders was a woman who came from Poland many years ago. [00:17:18] This was back during Soviet occupation. Poland. And I remember talking to her about what was happening over there. Why did she leave? And it was just so impressive. The polls have done so much impressive stuff over the years. So they're also saying that Google has done a lot of other things in order to. [00:17:39] Help protect Ukraine, including Google's blocked domains. They've prevented phishing attacks against Ukraine. They warned targeted individuals that they are being targeted. It's really something what they've done. So my first knee jerk was why is Google? 
Still doing business in Russia while now it's become clear because they have a special page for Russians that gives correct information, at least, Google is claiming it's correct. [00:18:13] I don't know which fact-check teachers checkers they're using. That gives Russians real information about the war what's going on in Ukraine. What's happening with the Russian soldiers. Did you see this? Just this last week, the apparently Russia removed the age limit for volunteers for the military. [00:18:35] It used to be, I think it was 40 years old. If you were a Russian citizen and 30 years old, if you are a foreign national, now the Russian military will take any. At any age from anywhere. In other words, Russia has really getting hard up if they want people like me to fight their wars. [00:18:54] I'm sure they don't really want, I don't know. Maybe they do want me, that every war needs cannon fodder. So it is fascinating to see good job Google. I am quite impressed. I did not expect them to be doing that. They've also. Provided over $45 million in donations and grants to various groups. [00:19:18] They've done pro bono work for various organizations over there. So this is really cool. So that's it. That's what's happening over there? Yeah. Crane and Googled, you can of course, find out a lot more. Get my insider show notes. So you had all of this on Tuesday morning. You could have digested it all and be ahead of everybody else out there. [00:19:43] And then also don't forget about my new offer here. Free, absolutely free for anyone. Asks by emailing me@craigpeterson.com. I'll go ahead and send them to you, which is I think a pretty cool thing now. What am I going to send you? You got to ask first, right? You got to ask. And what we're going to be doing is taking what I have been using for years to help secure my customer. [00:20:14] And we're making available for free my cyber punch lists. Craig peterson.com/subscribe. [00:20:22] Bit of a hub-bub here. 
Biden's infrastructure bill $1.2 trillion. And it's in there is this thing that Bob Barr's calling an automobile kill switch. I did some more research and we'll tell you the facts right now.  [00:20:39] What are you supposed to do? If you are trying to pass a bill to stop drunk driving deaths, and you've got all of the money in the world, Joe I guess 1.2 trillion, isn't all of the money in the world. What are you going to put in there? I did a search on this and I'm chuckling because this is craziness. [00:20:59] This is the AP associated press. And they've got this article claiming. President and Joe Biden signed a bill that will give law enforcement access to a kill switch that will be attached to all new cars in 2026 APS assessment false. Okay. So we've got fact checkers here while the bipartisan infrastructure bill Biden signed last year requires advanced drunk and impaired driving technology to become standard equipment in cars. [00:21:31] Experts say. Technology doesn't amount to a kill switch. Let me see. So I can't start the car. If the car's computer thinks I might be drunk or impaired in some other way, but that's not a kill switch. What is that? Then if I can't start the car, because I have a disagreement with the computer. How about these people that I don't know, maybe their eyes can't open all of the weight. [00:21:59] Maybe they have problems with eyes on nystagmus though. Eyes jittering back and forth. And then now what are they going to argue with the computer? That's a kill switch. I can't believe these crazy people that are like AP here, coming up with fact checking on things. So yeah, I'm sure there some distortions in some articles out there, but they contradicted themselves and to bear graphs, I guess they figure people are just going to see false. [00:22:30] Okay. I'm done. And they're not going to bother reading the rest of the article. Ah, Kind of crazy, isn't it? 
So according to an article written by member, former us representative Bob BARR in the infrastructure bill, is this kill switch. Now the big question is what is the kill switch? How far does it. [00:22:55] So I decided let's look up something I remember from years ago and that is GM has the OnStar system it's yet another reason I won't buy GM, there are a number of reasons, but this doesn't, it. OnStar system, they've got an advisors and that grade, and if your car is in a car accident, a crash that advisor can hop on and ask if you're okay. [00:23:22] And if you want emergency services coming, they'll come OnStar. We'll call them. And if you are just fine, they won't bother calling. If there's no answer at all, they'll call emergency services and let them know where the vehicle is because the vehicle has with OnStar built-in GPS. One of the features of OnStar is that it can send a signal to disable cars, engines, and gradually slow the vehicle to an idle speed to assist police in recovering the vehicle. [00:23:58] Now they will only do that at least right now for vehicles that have been reported stolen and have been confirmed by the police. So in reality, that's cool, right? It slows down. Hopefully the bad guy, if he's on the highway, makes it over to the side of the road and while the car slows down and eventually stops. [00:24:22] So all of this stuff sounds good. This kill switch. Sounds good. Doesn't it? Because we're going to keep drunk drivers off the road. Now in reality, of course, they're not going to be able to keep drunk drivers or other impaired drivers off the road. I really don't care what kind of technology they put in. [00:24:44] And they're not talking about putting in one of these blow in the tube, things that checks your blood alcohol level. They're talking about having a camera facing you as the driver and probably other occupants of the vehicles and that internally facing camera. Is going to evaluate you. It's going to look at you. 
[00:25:07] It's going to look at your face. If something droopy, or are you slow to respond? It might have a little test to that. It has you take right there. The law is very loosey goosey on any details. There really aren't any, so it's going to be up to the manufacturer. So they put this in the car step. [00:25:28] Just like OnStar, step one, put it in the car and they'll tell you when to turn you remember how cool that was the GPS with OnStar. And you tell ya, I want to go to this address. And then the assistant goes ahead and sends programming to your car. And now you can go. And if you lock your keys in the car, they can unlock the car for you. [00:25:51] All kinds of cool stuff. And then next up what happened. But they can stop the vehicle. So there's another technology story related to OnStar. And this is from 2009 from Kelly blue book, OnStar stolen vehicle slowed down Fort it's first carjacking. So again, doesn't that sound fantastic. And this was a Tahoe OnStar. [00:26:18] And the driver and his passenger forced out of the vehicle robbed by a shotgun wielding perp who then drove off in the SUV. And the OnStar dispatcher was able to locate the vehicle using GPS advice please, of exact location. And as soon as the police establish visual contact, the stolen vehicle slowdown system is activated available on a number of GM cars and trucks. [00:26:43] So this was over a decade. That this happened, but the technology's evolved. Yeah. So we initially have all of these car companies trying to decide, okay, so we've got this kill switch law, which AP says is not a kill switch law because they talk to experts just the, what was it? 52 people heads of intelligence. [00:27:08] Committees and agencies said that this wasn't a collusion hope, right? So they talked to experts who said no, this isn't a kill switch, but that's today you can argue, it's not a kill switch. I would completely disagree with you. Day one. It's a kill switch. Cause you can't start your car. 
It's a kill switch. [00:27:25] I kill switch is often something you hide somewhere on the car so you can kill the engine. So it can't be stolen. It's a kill switch. Come on. People fact checkers aside, but this could potentially allow law enforcement again, to shut down your car. Remotely track the cars, metrics, location, maybe the passenger load, because remember now cars are tracking all of this. [00:27:51] They've already been. Tickets issued by police. The did not see anyone speeding. The car was not caught on a traffic camera, but they hook up a device to your cars port that talks to its computer. And the computer says, yeah, he was doing 80 miles an hour, five minutes. And all of a sudden you got a ticket, right? [00:28:12] Massachusetts wants to go ahead now and say, ah yeah. Let's charge by the mile that you drive in mass. Because of course you're not getting enough revenue from gasoline because of the electric cars, electric cars are not paying their fair share when it comes to road taxes. So let's do it that way. [00:28:32] So how are they going to collect the information while. And they're going to hook up to your car's computer. The next thing coming down the road in it's already in most cars is wireless data connectivity, or you might've found already. If you have a Nissan, a Honda, many other cars. You have to get a major, upgrade it very 600 bucks up to a few grand for an expensive car, but the two G data network. [00:29:02] And we talked about this on the show already is being completely shut down by the end of the year. So they've got to replace it and switch you over. To the L G E data network, which of course eventually will go away as well, or at least three G what happens once it's all hooked up? The next easy step is just feed all of that information straight to the government. [00:29:26] Craig peterson.com. [00:29:30] If you've been afraid of ransomware before, I've got a good example for you where a whole country now has been ransomed. 
Absolutely crazy. So we'll talk about that. What is the state of ransomware? And the NSA is asking us to trust them again. [00:29:47] Of course staying up to date means that you get my insider newsletter pretty much every Tuesday morning. [00:29:54] And the only way to get that is to go to CraigPeterson.com/subscribe. And I will keep you up to date. You'll get even more insight information. The Costa Rican government has declared a state of national emergency. And to the best of my knowledge, this is the first time a government has done this because agencies of the Costa Rican government have been hit so badly by the Conti ransomware [00:30:24] that the new incoming president immediately declared a state of emergency. So now the country has expanded law enforcement powers and they are trying to go after the Conti ransomware group. Now, between you and me, good luck on that one. They are based in Russia. There's a number of different articles out this week. [00:30:47] This one from AdvIntel at TechTarget. But according to their research, the Conti ransomware group's attack on Costa Rican government was part of a rebranding effort. So this ransomware gang has seen a lot of their payments just dry up, because it's harder to get the money in. And what are you going to do with cryptocurrency? [00:31:11] If you're the Conti group, can you turn it into anything useful? It depends on the country you're in, but for most people, no. Okay. Absolutely no. So we were able to knock the Conti ransomware group's website offline. And we talked about that before here. The U.S. government did that, but now this is marking a new chapter for the cybercrime landscape. [00:31:38] Interesting, isn't it? So there are some investigations that have been going on. They've been trying to figure out what happened. What was the cause of the downfall of the Conti ransomware group? Are they really gone? Why did they pull their website offline and. 
They publicly declared support for Russia in its invasion of Ukraine. [00:32:02] And so now the Conti ransomware group got hacked and held ransom. They suffered major leaks as a consequence. So other hackers went after Conti, which is a hacking group, and they showed here from internal documents that were stolen that the Conti ransomware gang's primary Bitcoin address, which was found in the leak, showed that they had taken in over $2 billion in cryptocurrency over the last five. [00:32:35] Isn't that just amazing? An anonymous leaker has published more of the gang's communications, that can help the mass for sure. But you think with that much money, they'd be able to protect themselves, right? Now on top of it, because of the hack of Costa Rica and the major damages, the U.S. government has offered a couple of bounties here [00:33:00] against the Conti ransomware group. So there's $10 million available if you can provide the feds with information about the leaders of the Conti ransomware group, and $5 million that you can get leading to the arrest of anyone involved with a Conti ransomware attack. Isn't that something? So ransomware has been really out of control for years. [00:33:25] There's no signs that things are actually slowing down. Definitely been enhanced law enforcement efforts to track them down. But ultimately here, the core members of these groups have been escaping these law enforcement activities. They've been using mules, like 2000 Mules. Have you seen that movie? [00:33:46] But the idea is they get people primarily in the U.S. because that's where most of the money comes from. They do ransom of people's and businesses' information here. In fact, last year, it's estimated that 60%, six-zero percent, of small businesses were hacked, which is just crazy. No wonder has got $2 billion. Okay. [00:34:07] What are we supposed to do? What are they doing to really come after us? They're doing many of the same things. 
These mules will be hired saying, Hey, I just need to use your PayPal account. And all you have to do is transfer some money. 5%, 10% of the money I put in there. And they've always got these excuses, think of the Nigerian email scams from years past, and frankly still go around a little bit here, but large bounties are really becoming a part of the toolbox that law enforcement's been using in the U.S. and abroad to try and track them down. [00:34:44] And that's really what they're hoping for down in Costa Rica, because what are they going to do? Frankly, really, what are they going to do? I don't know. And they obviously are relying on the United States to help them out with this. And the internal structure of the Conti group has been highly organized. [00:35:03] They've got the same type of structure a legitimate corporation would have. It takes it to work that needs to be done. They hire contractors that may not even know who they're actually working for to write small pieces of a code here that gets tied. So it's not too surprising that a Conti affiliate is going to go far enough to cause a national emergency to be declared. [00:35:30] One of the things that Conti has done and some of these other ransomware companies have done (companies, gangs): they have ransomware as a service. So there's all of these people that are affiliated with Conti and all you have to do is get the Conti ransomware onto someone's computer and ta-da, they will pay you. [00:35:54] It's really that simple. They've got tech support for the people that got ransomed, to help them supposedly pay, right? How do I buy Bitcoin? And they'll walk you through. And then they will help you with restoring your files. Hopefully they can be restored. They can't always be restored. [00:36:15] I think right now the latest number I saw was about 60% of people who have their data encrypted and ransomed are in fact able to get that data, but there's 60% of the data back. 
So that's not too big a deal, but Conti operates on affiliates. And this affiliate that went ahead and ransomed our friends in Costa Rica is called UNC1756, UNC 1756. [00:36:51] They're also suspected in other attacks on government servers, including a theft of intelligence materials from Peru. And this attacker has already leaked information stolen from Costa Rica and it's on the Conti ransomware dark web portal, which is online. And after the former president of the country refused to pay a $10 million ransom demand, they started leaking the data. [00:37:17] So in this case, focus has been on the national government agencies. They are potentially looking at what you might call espionage, but these Conti ransomware affiliates have become famous for really quickly exploiting new vulnerabilities as they're published and being indiscriminate in who they attack, because $2 billion. [00:37:39] And then the other part that I think is really interesting here. We're talking about money, we're talking about real money, obviously. Conti deals almost exclusively in Bitcoin, which can be hard to turn into hard currencies, but our friends in Costa Rica have said, no, we're not going to. [00:37:59] Knowing what has been stolen and what they no longer have access to. In fact, the president said that the company, the country, Costa Rica, is effectively at war. Now, they got a foothold, Conti did, in 27 agencies at different levels of the. And the, yeah. Okay. So Conti is, say, I'm looking at an article in The Register here. [00:38:26] Conti apparently has made more than 150 million from a thousand plus victims, while we know it's actually 2 billion, but it depends on the timeframe that they're talking about. And Conti says that they are determined to overthrow the government by means of a cyber attack. We've already shown you all the strength and power. [00:38:45] You have introduced an emergency. It's really quite something. 
Now I mentioned earlier today that I am taking all of the cyber security stuff that we have been using here over the years. Things like our plan of action and milestones documents and all of this stuff we use to run our projects for our customers. [00:39:11] It's the real stuff, people. And remember, I've been doing the cyber security since the early nineties, so we know what we're doing, I know what I'm doing and I'm making it available for free. Okay, guys, you just have to send me an email, me@craigpeterson.com. So the first cyber punch list that we have that available, and all you have to do is ask for it again. [00:39:37] Me, me@craigpeterson.com, is the email punch list. So with this punch list, I go through the things that you need to do in order to secure your email and be more or less secure in your email. Now, I don't know about you. I do not like these long diatribes. I have a book behind me that is hardening Windows 10 and it is in a four inch binder. [00:40:14] Cited. There are thousands of recommendations in there from Microsoft. There's a lot that needs to be done. So what I've done is boiled it down to the most important things. And as I said, it's available for absolutely free for you. It really is. If you're a listener, just email me, me@craigpeterson.com. [00:40:38] You can ask me to add you to my insider show notes and my little three minute trainings that we do every week. You can also ask for a cyber punch list that you might need. So it's just, okay, we need to do this. You need to do that. You need to do this. You need to do that. So it makes it very straightforward. [00:40:57] I'm trying to. To be, to see about any of this, but we have had amazing feedback on this from companies over the years, and now it's available to you for $0. Okay. So make sure you check it out. CraigPeterson.com and you can always email me, me@craigpeterson.com, as well. Thanks for taking a little time with me today and look for me online. 
[00:41:24] Look for my emails and if you would please. Thumbs up on your favorite podcasting platform, YouTube or Rumble or subscribe. Thanks. [00:41:37] We're going to talk about the Senate bill that has big tech scared, really scared. I'll talk about a new job site problem for a number of different industries because of hackers and cloud, the cost and reliability. [00:41:53] This tech bill. It has the Senate really scared. [00:41:57] He is frankly, quite a big deal for those of you who are watching over on of course, Rumble or YouTube. I'm pulling this up on this screen. This is an article. Ars Technica and they got it originally from Wired, it was out in Wired earlier in the month. And it's pointing out a real big problem that this isn't just a problem. [00:42:23] This is a problem for both the legislature. In this case, we're going to talk about the Senate and a problem for our friends in big tech. So let us define the first problem as the big tech problem. You're Amazon. You are Google. Those are the two big targets here of this particular bill. We're going to talk about, or maybe you're Facebook or one of these other Facebook properties, et cetera. [00:42:50] If you are a small company that wants to compete with any of these big guys, what can you do? Obviously you can do what everyone's been telling us. Oh, you don't like the censorship, just make your own platform. And there've been a lot of places and people that have put a lot of money into trying to make their own platform. [00:43:12] And some of them have had some mild successes. So for instance, I'm on. You can watch my videos there. And there have been some successes that Rumble has had in making it into kind of the competition to YouTube. But YouTube is still the 800 pound gorilla. Everybody wants to be where the cool kids are. [00:43:32] So for most people. That YouTube. They look at YouTube as being the popular place. 
Thus, we should be, we are obviously saw the whole thing with Elon Musk and Twitter, and the goings on there. And Twitter really is the public square, although it's died down a lot because of this censorship on Twitter. [00:43:52] Interesting. So as time goes forward, these various big companies are worried about potential competition. So how do they deal with that? This is where the real problems start coming in because we saw Amazon, for instance, in support of an internet sales tax. You remember that whole big deal. The internet had been set aside saying, Hey, no states can tax the internet and that's going to keep the internet open. [00:44:21] That's going to help keep it free. And people can start buying online. And that worked out fairly well. A lot of people are out there, why would Amazon support a sales tax on the internet? They are the biggest merchant on the internet, probably the biggest merchant period when it comes to not just consumer goods, but a lot of goods, like a staples might carry for business. [00:44:45] So they'd have to deal with what they're 9,000 different tax jurisdictions in the United States. And then of course all these other countries, we're not going to talk about them right now, but the United States 9,000 tax jurisdictions. So why would Amazon support an internet sales tax when there's 5,000 tax jurisdictions? [00:45:10] The reason is it makes life easier for them when it comes to competition. So if you are a little. And do you want to sell your widgets or your service? Whatever it might be online. You now have to deal with 9,000 tax jurisdictions. It's bad enough in the Northeast. If you are in New Hampshire, if you live in New Hampshire and you spend more than, I think it's 15% of your time south of the border and mass, then mass wants you to pay income tax for that 15% that you are spending your time there. [00:45:48] Now they do that with the. Baseball teams with football teams, hockey, you name it, right? 
So the big football team comes into town. The Patriots are paying the New York jets or whatever it might be. The Patriots have to pay New York state taxes, income tax now because they stepped foot in New York heaven forbid that they try and do business there and help New York state out. [00:46:12] And they now have to pay income tax. Now they only have to pay income tax for, or for the amount of time. They're more New York. Various states have various weirdnesses, but if you're only playing 1, 2, 3 dozen games a year, It isn't like your normal work here, which is 2080 hours. We're talking about their plane to New York and they're only spending maybe 10 hours working in New York, but that represents what percentage, 10, 20, 30% of their income, depending on how many games they play and how they're paying. [00:46:45] And so they got to keep track of all that and figure it out. Okay. We played in New York, we played in New Jersey. We're in mass. We were they weren't in New Hampshire, certainly the Patriots plane, but they got to figure it all out. Guess what? Those big pay. Football players, hockey, baseball. [00:47:03] They can afford to have a tax accountant, figure it all out and then battle with them. I had a booth one time at a trade show down in Connecticut. Didn't say. Thing it was terrible trade shows, man. They aren't what they used to be. And they haven't been for a long time. This is probably a decade plus ago, maybe even 20 years ago. [00:47:26] So I had a little booth, we were selling our services for cybersecurity and of course, nobody wanted to bother pain for cybersecurity who needs it. I haven't been hacked yet. Although there's an interesting article. We'll talk about next week based on a study that shows. Small businesses are going out of business at a huge rate because of the hacks because of ransomware. [00:47:49] And if you're worried about ransomware, I've got a really great little guide that you can get. Just email me, me@craigpeterson.com. 
I'll send it off to you, right? It's a free thing. Real information, not this cruddy stuff that you get from so many marketers, cause I'm an engineer. They'll go out of business. [00:48:10] So they figured I haven't got a business yet, not a big deal. And so no body. There's big trade show. And I was so disappointed with the number of people that even showed up for this silly thing. So what happens next while I get back to the office and about a month to two months later, I get this notice from the state of Connecticut they're tax people saying that I haven't paid my Connecticut taxes yet. [00:48:37] And because I was in connected. I should be paying my income tax for that day that I spent and wasted in Connecticut. Oh. And plus every company in Connecticut that I'm doing business with now, I need to collect their taxes and pay them the taxes that I'm collecting for those Connecticut businesses are resident. [00:48:59] I didn't sell a thing. You know what it took almost, I think it was three or maybe four years to get the state of Connecticut to finally stop sending me all of these threatening notices because I didn't get a dime from anybody in Connecticut. So I'd love the internet from that standpoint saying you don't have to collect taxes in certain cases, certain states, et cetera, unless you have a legal nexus or a legal presence there in the state. So back to Amazon, Amazon loves the idea of having everything on the internet packs. They love the fact that there's 9,000 plus tax jurisdictions. When you get right down to city, state county Lilian, either local taxes, or you look at those poor residents of New York state, or they're poor residents out in Washington state that have to worry about that, right? [00:49:52] There's county taxes, state sales tax. City sales tax, and income taxes are much the same, the, all of these crazy cities and states around the country. Yeah. The ones that are in serious trouble right now, they are those same ones. 
Those particular jurisdictions are hard to deal with. So from Amazon standpoint is just like the Patriots football players. [00:50:17] We've got plenty of money. We've got teams of lawyers. We have all kinds of accountant. We can handle this and you know why Amazon really loves it because it provides another obstacle for any competitors who want to enter the business. That's the real reason, so many big businesses don't go ahead and charge you serious money so that they can use that money against you. [00:50:48] Okay. You see where I'm going with this? Because if you want to start a business that competes with Amazon, if you want to have a doilies, you're making doilies. My grandmother used to make them all the time and she had them on the toilet paper in the bathroom, little doily holders. Doilies everywhere. [00:51:06] And then of course, the seashells shells on top of the toilet paper holders. If you want to do that and sell it, how are you going to deal online with 9,000 tax jurisdictions? All what you're going to do is you're going to go to Etsy, or you may be going to go to Amazon marketplace and sell your product there. [00:51:25] An Amazon marketplace. So Amazon is taking its cut out of it at is taking it's cut off. And you still ultimately have some of that tax liable. Amazon loves it. It's the same reason you see these groups forums, right? Barbers saying, oh, we've got to be regulated. Really you need to have a regulation in place for barbers. [00:51:49] You need to have licensing for barbers. Why do they do that? They do that. Not just barbers, right? It's all of these licensures and various states. They do that really to keep people. To keep their prices high. That's why they do it because someone can't just put up a sign and say, Hey, I am now a barber. [00:52:10] Come get a haircut. And if you don't like the barber, if they do a lousy job, you go elsewhere. We don't need all of the bureaucracy on top of this to enforce licensure. 
Anyways, when we get back, let's talk about that Senate. It's a big deal. And I am coming down in the middle of this thing. Hey, visit me online. [00:52:30] Sign up right now. Craig peterson.com and get my special report on passwords. [00:52:38] We just talked about why big business loves regulation. It helps protect them from up and coming small business, frankly, let's look at this bill, the Klobuchar and Grassley just introduced in the Senate. [00:52:54] I am coming down in the middle of this bill. And let me tell you why we really do have a problem with some of these big businesses. [00:53:04] For those of you who were watching here on rumble or YouTube, I'm going to pull this up. This is an article that was originally in wired and is in ARS Technica, great website. They got lots of good information and the title of the bill is a Senate bill that has big texts. So the question is why now are ours technical? [00:53:27] I'm going to scroll this down so you can see what they are saying. They're claiming that this is really apocalyptic that frankly the people who are pushing against this bill are obviously the wrong people and everything else. But I love this point here. This is from a senior VP of policy at Yelp. [00:53:50] You can see this on my screen. Luther Lowe. And he's talking about this bill. Actually one of two. Antitrust bills is what they're called in the us. There's voted out of committee by a very strong bi-partisan vote. And the other bill is to regulate app stores and there's issues with that too, that we won't really be talking about today, but they have to do with protecting you the consumer. [00:54:19] If you can load any app you want from any app store on the internet, on your iPhone, is your iPhone still? Versus having to get it from apple. We're not talking about that one right now. This is Congress's shot here to stop big tech companies from abusing what they're calling a gatekeeper status. [00:54:42] So we're going to talk about that. 
What is this gig key keeper status? What does that mean? So Luther low back to him, VP of policy at Yelp long time ago. Antagonist says it, the ball game. That's how these guys stay big and relevant. If they can't put their hand on the scale that it makes them vulnerable to small and medium-sized companies eating their market share. [00:55:11] Isn't that what I was. Protecting themselves, protecting themselves against the small startups. And if you've got government regulation on your side, you can just hammer them with the fact that, Hey, you guys aren't compliant, right? If you've got some major government regulation to just look at what happened with Elon Musk, when he said I'm going to buy Twitter, all of a sudden his. [00:55:40] And he, his Twitter account has problem. All of a sudden what w what his money has prompted. All of a sudden when Elon Musk's that I'm going to buy Twitter, the government started investigating Tesla. It's amazing. How these people work and how they think. It's just, it's absolutely amazing. [00:56:00] So they use these big companies, use government to beat other people over there. It's like my example of the barbers, right? Do we really need licensing for barbers? Do we really need to have a barber board that oversees barbers? If someone harms you, there are laws against that. No. When I was, for 10 years, I was in EMS. [00:56:26] I was a volunteer EMT. You guys know that emergency medical technician and my wife was. And if we were to cut someone's hair without their consent, that would be considered assault, even battery in some cases. So there's laws on the book to protect your hair. Okay. Need laws about barbers? We don't need laws about so many things. [00:56:52] The government sticks its fingers in. And so what is it? Stick his fingers in here. What are they trying to do? Let me pull that up on this screen for you. Senators Amy Klobuchar and Chuck Grassley, CR grassy, I should say, who were our, excuse me. 
So are the top Democrat and Republicans on the Senate judiciary committee are saying, Hey, we need to regulate how Amazon, how Google and these others can use their position in order to. [00:57:30] Keep their fingers off the scale. So bottom line, that, that sounds like a pretty good idea to me. And that's the thing that fits on the bumpers bumper stickers, stop Google from putting their thumb on the scale. Stop Amazon from putting the thumb on the scale because we have. [00:57:47] Actual problems with this. We have seen where people who are using Amazon marketplace to sell their stuff. Why would they do that? Obviously they've got to pay a percentage to Amazon plus depending on how your business operates, you have to pay Amazon to warehouse. You're good. Just for you. You have to pay Amazon for all the logistic services for shipping, for moving around between Amazon warehouses and then for selling it, it can get pretty darn expensive. [00:58:20] Okay. Amazon charges, that seems pretty fair to me, right? The libertarian mindset. Where's the problem. I don't see the problem, Craig. The problem is that Amazon has. Own products that they want to sell more than half of what's on the Amazon store is actually sold by third parties. And we've talked about that before. [00:58:42] We talked about problems with that before, but that means that what almost half of it is sold by Amazon. So Amazon has a number of brands. Last I checked, it was a few dozen brands that don't look like they're Amazon. There's a home services brand. There's a place that sells couches or Chesterfields depending on where you're from. [00:59:06] There's a whole bunch of different businesses, clothing, businesses, et cetera, that are actually Amazon who might've bought a company or they saw. That accompany was doing really well in their marketplace by selling item X. So what do they do? They go ahead and say, okay we're going to start making an item X, see where the problem comes in. 
[00:59:29] So Amazon is using these small businesses that put everything on the line, right? They might have their house leveraged to the max. They might have sold their house and living with somebody else, apartments are too expensive. The cash to get their business going. They scraped the money together. [00:59:46] Maybe they had to pay $5,000 to have a mold made injection mold, and then they have the stuff made in the U S or in China, or there they're trying to print it on a 3d printer for the. Concept. And they'd go through a number of different iterations of trying to make that product work and consumers to like it. [01:00:07] And consumers give them feedback saying, what, if this was a quarter in smaller or moved over there on the product, that would just be so much more useful. So they add that they had the engineering time, they've invested quarter million dollars. Easily to get the product off the floor to get it out there and people start buying it. [01:00:29] Where are they selling it? They got to really sell it on Amazon marketplace because who else are you going to go to for logistics, sales, support, everything else. And not to mention the tax jurisdictions that want to collect money from you. And then Amazon comes out with a competing. Is that enough to drive you crazy. [01:00:51] Now we've seen this forever in the software industry. Microsoft has done this for years. Apple does it to I'm looking at a screen right here in front of me. I hooked up to an apple mini. Some of the side card functions and stuff. They were developed by a third party that spent their blood, sweat, tears, and money on developing it. [01:01:16] And then along comes a big guy and you're out of business. We've got to finish this up. We will do that. When we get back, what's a Senate doing actually here. And what does it mean to you and me? Hey, visit me online. Craig peterson.com. Get my insider information for free. 
[01:01:38] We just talked about how big business uses its advantages to crush potential competition. Crush them. And it's a shame and it's happened to me and many people I know, and now the Senate's getting involved and making things worse. [01:01:55] This happened to me a number of years ago, and I will never forget it. [01:02:00] It was a really big lesson for me. I had designed and written a computer system that would take the code that it was written for a much older system. And run it for much less money. So bottom line here, this was a system called Cade computer assisted data entry that was made by Sperry way back in the day. [01:02:25] Yeah. I've been in there for that long and they had little programs, so they would not punch cards, but punch right on two tapes, those big nine track tapes and that information would then be used for processing later on then. People, big businesses grocery stores, you name it. We're using that Sperry system. [01:02:48] And I designed a system that would take their COBOL is what it was. It was a form of COBOL code from this cage system. And you could use my code to compile it and run it on a Unix system. So the cost involved here was that it would be cheaper to buy a whole new Unix computer and buy new terminals and do some slight training changes. [01:03:18] But the key punch operators would be exactly the same keystrokes as they were already used to. Okay. So you know how fast they were, so it wouldn't slow than none at all. And their cost would be. Then just the maintenance contract on the old Sperry cage. Very cool stuff. And I worked really well. [01:03:38] Then I worked with a couple of sales guys at spirit because Barry had a Unix tower system. It was a mini computer that was Unix space. And I had one, I had saved up my money. We bought this thing. It was a lot of money nowadays. It'd be about a hundred thousand dollars I spent on that system and it was really great. [01:04:00] Cool. 
So some grocery stores started using it. They used it to build the space shuttle to design it and send it into space. RCA, Astro space used it, my system, which is all really cool. So Sperry was interested in it saying, okay let's do this. Now. I had flown myself across the country too, because I was in California at the time to do some of this work for. [01:04:25] The for RCA Astro space for the space program and help make sure it was working and get it installed, help them configure it and everything else. So I had a lot of time, a lot of money, a lot of effort into this. It was a big venture. So Sperry invited me down to their headquarters down in blue bell, Pennsylvania to talk about this. [01:04:50] And I was so excited because their sales guys wanted to sell it. They gave me some free space in a booth in Las Vegas. So I was in the Sperry booth with them and, say, yeah, you can buy this. And you're using the Sperry, the new Sperry hardware. And I went down there and talked with them. [01:05:10] They never did anything with me, or, here's a huge investment young guy. And all of this stuff just worked and they had proof of concept. They had a couple of customers already using the system and it never materialized. And then about a year and a half later, I found out Sperry had tried to duplicate my system and had messed it up terribly. [01:05:35] It wasn't keystroke compatible. So anyone using the new Sperry system, they had to learn. Okay. So I got to hit this and I got to go over here and I got to click on this. Are you kidding me using a mouse? Aren't you not? These are data entry operators. They just go all day long, just typing and. [01:05:52] They had stolen my ideas. They messed it up. They didn't do as good a job as I did, which turns out it's pretty common. And they had stolen it. They stolen years of my life. So I've seen that before with me. 
I've seen Microsoft do that with friends of mine, and I've seen apple do it with various products that they've decided to release. [01:06:17] They all do it. Why do you think these businesses can not spend money on research and development, and yet at the same time, stay in business as technology's continuing to move forward? Why? The reason is. They don't have to do, or why would we do T wait a minute. Now, all we have to do is either buy the company or steal the product just re-engineer. [01:06:44] Oh. And if we want to buy the company, we can do what Microsoft has been accused of doing again and again, which is. We'll just Microsoft. Let's see here. I like that database is pretty darn cool. So here's what we're going to do. So Microsoft announces, Hey, we're going to have a competitor to that in coming out soon. [01:07:03] And then they sit there and they wait and they say, okay, how many people are going to ask about, oh wow. A lot of people asking for it. In the meantime, that company that had that great little database soft. Trying to sell it. And people are saying, wait, Microsoft is going to come up with a version of this. [01:07:18] I'm just, I'm going to wait. We can wait a few months. Let's see what Microsoft. So that poor company is now seriously struggling because this big company came out and made the announcement that they're going to do something like this. And then that small company gets a knock on the door. Hey, we're Microsoft or company X. [01:07:41] And we like your product. Wow. Okay. So we're going to do a buyout. We're going to we're just, oh, this is going to be fantastic. I might have to sign what a two year contract non-compete and help them manage it. Okay. We can deal with this. And then they find out that company X says Your company is not worth that much anymore. [01:08:02] Your sales look at their sales here, man. They've gone way down. Okay. So let me see let's do a nickel on every dollar evaluation you had a year ago. 
This happens every day, worldwide in America, it should never happen to anyone. And as you can tell, it upsets me. So what are Klobuchar and Grassley doing here? [01:08:30] Amy, when she was running for president, she made this big deal. I'm going to pull us up on my screen. Those of you who are watching on rumble or YouTube. And you can find all of that in my website, Craig peterson.com can see here. So they are trying to protect the American consumer, right? Yeah. [01:08:49] Yeah. That's it. They're gonna protect us. And so what they're doing is saying that. Would a rule ruin Google search results because that's what Google says. Is it going to bar apple from offering new features, useful ones on the iPhone? How about Facebook? Will it stop them from moderating content? So the legislation's core idea is we will just. [01:09:17] The marketplace take care of things. We're not going to let Amazon put their products in the product listings before third parties, but how are you possibly going to be able to regulate that stuff you can't, you can regulate it talking about a bureaucracy. You'd probably need one about as big as the federal government is right now. [01:09:41] And the federal government needs to be cut back in a major way. There's this two months. How about the 150 million Americans? This article brings that up to that are currently using Amazon prime, even though the price one hump. And they have it free to prime members. It's this is a big deal. [01:10:00] The bill doesn't mention prime. Doesn't mention Google by name, Amazon. But this is going to be a nightmare to enforce the bill is not specific enough. It should be voted down. And between you and me, I don't know what can be done about this other than to have additional marketplaces show up online. And you know what the conservative social media sites are starting to win. [01:10:29] So maybe there's hope. [01:10:32] We've got two things we're going to talk about right now. One of them is tech jobs. 
And man, is there a lot of scamming going on there as you might expect, and the second is cloud, are you looking at cloud services? Hey, a home or business. [01:10:48] You can see this. I'm going to pull this up on my screen for those watching on Rumble or on YouTube, but this is a big problem. [01:10:58] And we've seen this again and again right now, they're going after certain workers in the chemical sector, but it isn't just the chemical sector. What we've seen is the bad guys going after anyone that's applying for a job. So let me give you a few tips here. First of all, you should not be paying to apply for a job. [01:11:25] We see that all of the time when it comes to the head hunting firms, what. Is, they will charge the business who is looking to hire someone, that makes sense to you. They'll hire they'll charge the business. So oftentimes it's a percentage of the annual salary, anywhere from usually 20% up to a hundred percent or more, depending on the position. [01:11:49] And boy, can they make a lot of money, but they don't necessarily place. People, but you know how it is right now, there, there can be quite a few. So people have been applying for jobs to make a lot of money and not realizing that fee that supposedly they have to pay is illegitimate. So remember that. [01:12:10] Okay. The second thing has to do with this particular scam, because what they're trying to do is. Into some of these companies. So they will send a thing out saying, Hey, I'm a head hunter, I'm here for you. We're going to get you this job you need to apply. Are you interested in a new job now? I've seen some stats online saying that somewhere around 30 plus percent of people are looking or at least open to. [01:12:45] Take getting a new job, which means a lot more are looking for jobs. Now I have to add to that, that the people who have jumped ship over the lockdown period really are not happy. The majority of them wish they had stayed where they were at. 
So keep that in mind too. But what they'll do is they'll say, Hey, listen. [01:13:07] Oh, there's this new feature on LinkedIn. By the way, you can say y'all are, I'm interested in looking for a job. I forget exactly what it says, but it goes around your picture and I have it up there because I'm a contractor, I go to businesses and I'm. To harden their cybersecurity. And we usually start slowly, especially with some of these startups we're doing work with right now where they won't, they go from a completely flat network and it's all engineers and I don't want anything hindering anything. [01:13:39] And so you got to work with them and it's just, we had a time sort of a thing. Okay. I just had this one thing this week. And then move on to one thing next week as well. So that's what I do for a living. And a lot of people are looking on LinkedIn and other places to find people who can be a chief information security officer. [01:14:01] So I'm what you call a fractional chief information security officer. I do this under contract and I've been doing contracts and contract work for. I don't know if I shouldn't be on the air, but my gosh it's been now I guess it's 40 years right now. So I've been doing this for a long time. [01:14:22] So I'm familiar with some of these scams, so they didn't take my word on some of this stuff. So what they do is they say, Hey, we've got a potential job opening. Are you interested now? When we talk about 30 plus percent of people polled say that they're looking interested in a new job, the numbers are probably a little higher. Not that everyone's going to jump ship. Some people will, but there are a lot of people that if they get this email, they're going to open it up. And so what'll happen now is this group out of North Korea called the Lazarus Group. And we've talked about them before. [01:15:00] We'll go ahead and say yeah, the here's, what's going to happen here. Let's just send you this thing. You can open it up. 
You can look at it and see if it's really a fit for you. I love this graphic that they have. This is from dark reading. I have it up on the screen again. Rumble and YouTube. [01:15:19] What should we do now? Should I open this up? Should I not open it up? It turns out that what's happening is that Symantec and Broadcom, both have noticed this and stated in an advisory a couple of weeks ago. Be very careful because what it's going to do is install a Trojan horse on your computer. [01:15:40] So let's think about this. You're talking about the chemicals

    Do You Know How Crypto's Nose-dive Will Even Hurt Your 401K?

    May 21, 2022 83:25

    Do You Know How Crypto's Nose-dive Will Even Hurt Your 401K? Hey, it looks like if you did not invest in "Crypto," you were making a smart move! Wow. We got a lot to talk about here. Crypto has dived big time. It's incredible. What's happened? We get into that and more. [Following is an automated transcript] Hi everybody. Craig Peterson here. Appreciate your joining me today. Spend a little bit of time with me. It's always a fun thing to do thanks for coming in. And Thanks for sticking around.  [00:00:29] Crypto currencies. It's a term for all kinds of these basically non-government sanctioned currencies. [00:00:39] And the idea behind it was I should be able to trade with you and you should be able to trade with me. We should be able to verify the transactions and it's nobody's business as to what's happening behind the scenes. And yet in reality, Everybody's business because all of those transactions are recorded in a very public way. [00:01:03] So crypto in this case does not mean secret or cryptography. It's actually referring to the way the ledgers work and your wallet. And in fact, the actual coins themselves, a lot of people have bought. I was talking with my friend, Matt earlier this week and Matt was saying, Hey, listen I made a lot of money off a crypto. [00:01:29] He's basically a day trader. He watches it. And is it going up? Is it going down? Which coin is doge coin? The way to go? Because Elon Musk just mentioned it. Is it something else? What should I do? And he buys and sells and has made money off of it. However, a lot of people have. And held on to various cryptocurrencies. [00:01:51] Of course, the most popular one. The one everybody knows about is Bitcoin and Bitcoin is pretty good stuff, bottom line, but 40% right now of Bitcoin investors are underway. Isn't that incredible because of the major drop-off from the November peak. 
And this was all started by a problem that was over at something called Terra Luna, which is another cryptocurrency now. [00:02:22] Already that there is a ton of vulnerable vol a ton of changes in price in various cryptocurrencies, Bitcoin being of course a real big one where, we've seen 5,000, $10,000 per Bitcoin drops. It really is an amazingly fluid if you will coin. So there's a number of different people that have come out with some plans. [00:02:47] How about if we do like what the us dollar used to do, which is it's tied to a specific amount of gold or tied to a specific amount of silver. And of course, it's been a while since that was the case. President Nixon is the one that got us off of those standards. Having a gold, for instance, back in your currency means that there is going to be far less fluctuation and your currency means something. [00:03:16] See, the whole idea behind currency markets for government is yeah, you do print money and you do continue to increase the amount of money you print every year. Because what you're trying to do is create money for the. Good product services that are created as well. So if we created another million dollars worth of services in the economy, there should be another million dollars in circulation that's the basic theory. [00:03:46] Monetary theory, really boiling. Down now of course, already our government is printed way more than it. Maybe should have. It is certainly causing inflation. There's no doubt about that one. So they're looking at these various cryptocurrencies and say what can we do? How can we have a gold standard where the us dollar was the currency the world used and its value was known. [00:04:10] Having a stable currency is incredibly important for consumers and businesses. The business needs to know, Hey, listen, like we signed a three-year contract with our vendors and with our customers. And so we need a stable price. 
So we know what's our cost going to be, what can we charge our customer here? [00:04:30] Can the customer bear the price increases, et cetera. The answer to most of those questions of course is no, they really can't is particularly in this day and age. So having a. Fixed currency. We know how much it's worth. I know in two years from now, I'm not going to be completely upside down with this customer because I'm having to eat some major increases in prices. [00:04:55] And as a consumer, you want to look at it and say, wow, I've got a variable rate interest rate on my mortgage. And man, I remember friends of mine back in the eighties, early eighties, late seventies, who just got nailed by those. They had variable rate interest loan on their home because that's all they could get. [00:05:14] That's all they could afford. So the variable rate just kept going up. It was higher than credit cards are nowadays. I remember a friend of mine complaining. They had 25% interest and that's when they lost the house because 25% interest means if you have a hundred thousand dollar loan, you got $25,000 in interest that year, let alone principal payments. [00:05:36] So it, it was a really. I think it was really hard for people to, to deal with. And I can understand that. So the cryptocurrency guys. I said, okay, let's tie it to something else. So the value has a value and part of what they were trying to tie it to is the us dollar. That's some currencies decided to do that. [00:06:00] And there were others that tried to tie it to actual. Assets. So it wasn't just tied to the dollar. It was okay. We have X dollars in this bank account and that's, what's backing the value of our currency, which is quite amazing, to think about that. Some of them are backed by gold or other precious metals. [00:06:24] Nowadays that includes a lot of different metals. This one coin called Terra Luna dropped almost a hundred percent last year. Isn't that amazing. 
And it had a sister token called Tara USD, which Tara Luna was tied to. Now, this is all called stable coin. The idea is the prices will be staying. [00:06:46] And in the case of Tara and Tara USD, the stability was provided by a computer program. So there's nothing really behind it, other than it can be backed by the community currencies themselves. So th that's something like inter coin, for instance, this is another one of the, there are hundreds of them out there of these cryptocurrencies. [00:07:13] Yeah. The community backs it. So goods and services that you can get in some of these communities is what gives value to inter coin money system. Now that makes sense too, right? Because the dollar is only worth something to you. If it's worth something to someone else, if you were the only person in the world that had us dollars, who would want. [00:07:36] Obviously the economy is working without us dollars. So why would they try and trade with you? If you had something called a us dollar that nobody else had, or you came up with something, you made something up out of thin air and said, okay, this is now worth this much. Or it's backed by that. [00:07:56] Because if again, if he can't spend it, it's not worth anything. Anyhow, this is a very big deal because on top of these various cryptocurrencies losing incredible amounts of money over the last couple of weeks, We have another problem with cryptocurrencies. If you own cryptocurrencies, you have, what's called a wallet and that wallet has a transaction number that's used for you to track and others to track the money that you have in the cryptocurrencies. [00:08:29] And it's pretty good. Function or feature it's hard for a lot of people to do so they have these kinds of crypto banks. So if you have one of these currencies, you can just have your currency on deposit at this bank because there's a whole bunch of reasons, but one of the reasons is that. 
[00:08:50] There is a run on a bank, or if there's a run on a cryptocurrency, currencies have built into them incredibly expensive penalties. If you try and liquidate that cryptocurrency quickly. And also if there are a lot of people trying to liquidate it. So you had a double whammy and people were paying more than three. [00:09:13] Coin in order to sell Bitcoin. And so think about that and think about much a Bitcoin's worth, which is tens of thousands of dollars. So it's overall, this is a problem. It's been a very big problem. So people put it into a bank. So Coinbase is one of the big one called Coinbase, had its first quarter earnings report. [00:09:37] Now, this is the U S is largest cryptocurrency exchange and they had a quarterly loss for the first quarter of 2022 of $430 million. That's their loss. And they had an almost 20% drop in monthly users of coins. So th that's something right. And they put it in their statement. Their quarterly statement here is to, WhatsApp. [00:10:07] Here's the real scary part Coinbase said in its earnings report. Last Tuesday that it holds. $256 billion in both Fiat currencies and cryptocurrencies on behalf of its customer. So Fiat currencies are things like the federal reserve notes are U S dollar, okay. Quarter of a trillion dollars that it's holding for other people think of it like a bank. [00:10:36] However, they said in the event, Coinbase we ever declare bankruptcy, quote, the crypto assets. We hold in custody on behalf of our customers could be subject to bankruptcy proceedings. Coinbase users would become general unsecured creditors, meaning they have no right to claim any specific property from the exchange in proceedings people's funds would become in accessible. [00:11:06] A very big deal. Very scary for a very good reasons. Hey, when we come back a website, no, you go, you type stuff in my email address, do you know? You don't even have to hit submit. In most cases, they're stealing it. 
[00:11:23] I'm sure you've heard of JavaScript in your browser. This is a programming language that actually runs programs right there in your web browser, whether you like it or not. And we just had a study on this. A hundred thousand websites are collecting information upfront. [00:11:40] Hi, I'm Craig Peterson, your chief information security officer. This is not a surprising thing to me. I have in my web browser, I have JavaScript turned off for most websites that I go to. Now, JavaScript is a programming language, and it lets them do some pretty cool things on a webpage. [00:12:02] In fact, that's the whole idea behind Java. Just like cookies on a web browser, where they have a great use, which is to help keep track of what you're doing on the website, where you're going, pulling up other information that you care about, right? Part of your navigation can be done with cookies. They go on and on in their usefulness. [00:12:23] Part of the problem is that people are using them to track you online. So, like, Facebook and many others will go ahead and have their cookies on the other websites. So they know where you're going, what you're doing, even when you're not on Facebook. That's, by the way, part of what the Firefox browser's been trying to overcome here. [00:12:48] They have a special fenced-in mode that happens automatically when you're using Firefox on Facebook. Pretty good. Pretty cool. The Apple iOS devices use a different mechanism. And in fact, they're already saying that Facebook and some of these others who sell advertisers information about you have really had some major losses in revenue because Apple is blocking their access to certain information about you. Back to JavaScript. [00:13:24] It's a programming language that they can use to do almost anything on your web browser. Bad guys have figured out that if they can get you to go to a website or if they can insert an ad onto a page that you're visiting, they can then use. 
Your web browser, because it's basically just a computer, to do what? Well, to mine Bitcoin or other cryptocurrencies. [00:13:51] So you're paying for the electricity for them as your computer is sitting there crunching on these algorithms that they need to use to figure out how to find the next Bitcoin or whatever. And you are only noticing that your device is slowing down. For instance, our friends over on the Android platform have found before that sometimes their phones are getting extremely hot, even when they're not using them. [00:14:18] And we found that, yeah, many times that's just a Bitcoin miner who has taken over partial control of your phone, just enough to mine Bitcoin. And they did that through your web browser and JavaScript. So you can now see some of the reasons that I go ahead and disable JavaScript on most websites I go to. Now, some websites aren't going to work. [00:14:40] I want to warn you up front. If you go into your browser settings and turn off JavaScript, you are going to break a number of websites, in fact many of the websites that are out there. So you got to figure out which sites do you want it on? Which sites don't you want it on? But there's another problem that we have found just this week. [00:15:00] And it is based on a study that was done as reported in Ars Technica, but they found. A hundred thousand top websites, a hundred thousand top websites. These include signing up for a newsletter or making a hotel reservation, checking out online. You probably take for granted that nothing happens until you hit submit, right? [00:15:25] That used to be the case in the Web 1.0 days. It isn't anymore. Now I want to point out we, I have thousands of people who are on my email list. So every week they get my insider show notes. So these are the top articles of the week. They are usually six to 10 articles, usually eight of them, that are talking about cybersecurity, things of importance. 
[00:15:51] The whole radio show and podcasts are based on those insider show notes that I also share with the hosts of all of the different radio shows and television shows that I appear on. It's pretty, pretty cool. So they get that, but I do not use this type of technology. Yeah. There's some JavaScript. [00:16:11] That'll make a little signup thing come up at the top of the screen, but I am not using technology that is in your face or doing what these people are doing, right? So you start filling out a form. You haven't hit submit. And have you noticed all of a sudden you're getting emails from. It's happened to me before. [00:16:31] Your assumption about hitting submit isn't always the case. Some researchers from KU Leuven University and University of Lausanne crawled and analyzed the top 100,000 websites. So crawling means they have a little robot that goes to visit the web page, downloads all of the code that's on the page. [00:16:55] And then analyzed it all. So what they found was that a user visiting a site, if the user is in the European Union, is treated differently than someone who visits the site from the United States. Now there's a good reason for it. We've helped companies with complying with the GDPR, which are these protection rules that are in place in the European Union. [00:17:21] And that's why you're seeing so many websites, mine included, that say, Hey, listen, we do collect some information on you. You can click here to find out more, and there's some websites let you say no, I don't want you to have any information about me, where you collect information just so that you can navigate the site properly. [00:17:39] Okay. Very basic, but that's why European Union users are treated differently than those coming from the United States. So this new research found that over 1,800 websites gathered an EU user's email address without their consent. So it's almost 2,000 websites out of the top 100,000, if you're in the EU, and they found. 
[00:18:07] About, well, 3,000 websites logged a US user's email in some form. Now that's before you hit submit. So you start typing in your email, you type in your name, and you don't hit submit. Many of the sites are apparently grabbing that information, putting it into the database, and maybe even start using it before you gave them explicit permission to do. [00:18:36] Isn't that fascinating? And the 1,800 sites that gathered information on European Union users without their consent are breaking the law. That's why so many US companies decided they had to comply with the GDPR, because it's a real big problem. So these guys also crawled websites for password leaks in May 2021, and they found 52 websites where third parties, including Yandex, Yandex is a [00:19:11] big Russian search engine, and more, were collecting password data before submission. So since then the group went ahead and let the websites know what was happening, what they found, because it's not necessarily intentional by the website itself. It might be a third party, a third-party piece of software. [00:19:33] That's doing it. They informed those sites: Hey, listen, you're collecting user data before there's been explicit consent to collect it. In other words, before you hit the submit button. And they thought, wow, this is very surprising. They thought they might find a few hundred websites. In the course of a year now they've found that there were over 3,000 websites really that were doing this stuff. [00:20:01] So they presented their findings at USENIX. Oh, actually they haven't presented them yet, because it's going to be at USENIX in August, and these are what they called leaky forms. So yet another reason to turn off JavaScript when you can. But I also got to add, a lot of the forms do not work if JavaScript's not enabled. [00:20:23] So we got to do something about it. Maybe complain, make sure they aren't collecting your. 
Maybe I should do a little course on that once you can figure out are they doing it before I even give them permission? Anyhow, this is Greg Peterson. Visit me online, Craig Peter, som.com and sign up for that. No obligation insider show notes. [00:20:44] We are shipping all kinds of military equipment over to Ukraine. And right now they're talking about another $30 billion worth of equipment being shipped to what was the world's number one arms dealer. [00:21:00] I'm looking right now at an article that was in the Washington post. And some of their stuff is good. [00:21:07] Some of their stuff is bad, I guess like pretty much any media outlet, but they're raising some really good points here. One of them is that we are shipping some pretty advanced equipment and some not so advanced equipment to you. To help them fight in this war to protect themselves from Russia. [00:21:31] Now, all of that's pretty common. Ultimately looking back in history, there have been a lot of people who've made a lot of money off of wars. Many of the big banks financing, both sides of wars. Going way, way back and coming all the way up through the 20th century. And part of the way people make money in war time is obviously making the equipment and supplies and stuff that the armies need. [00:22:03] The other way that they do it is by trading in arms. So not just the supplies. The bullets all the way through the advanced missile systems. Now there's been some concerns because of what we have been seen online. We've talked about telegram here before, not the safest webs, app to use or to keep in touch. [00:22:28] It's really an app for your phone. And it's being used by. Ukraine to really coordinate some of their hacker activities against Russia. They've also been using it in Russia to have telegram that is in order to communicate with each other. Ukraine has posted pictures of some of the killed soldiers from Russia and people have been reaching out to their mothers in Russia. 
[00:22:57] They've done a lot of stuff with telegram. It's interesting. And hopefully eventually we'll find out what the real truth is, right? Because all of a sudden hides in the military, he uses a lot of propaganda, right? The first casualty in war is the truth. It always has been. So we're selling to a comm country, Ukraine that has made a lot of money off of selling. [00:23:22] Then systems being an intimate intermediary. So you're not buying the system from Russia? No. You're buying it from Ukraine and it has been of course, just as deadly, but now we are sending. Equipment military grade equipment to Ukraine. We could talk about just that a lot. I mentioned the whole Lend-Lease program many months ago now teams to be in the news. [00:23:50] Now it takes a while for the mainstream media to catch up with us. I'm usually about six to 12 weeks ahead of what they're talking about. And it's so when we're talking about Lynn Lee sent me. We're not giving it to them. We're not selling it to them. We're just lending them the equipment or perhaps leasing it just like we did for the United Kingdom back in world war two, not a bad idea. [00:24:16] If you want to get weapons into the hands of an adversary and not really, or not an adversary, but an ally or potential ally against an adversary that you have, and they have. But part of the problem is we're talking about Ukraine here. Ukraine was not invited in Donato because it was so corrupt. You might remember. [00:24:39] They elected a new president over there that president started investigating, hired a prosecutor to go after the corruption in Ukraine. And then you heard president Joe Biden, vice president at the time bragging about how he got this guy shut down. Yeah, he got the prosecutor shut down the prosecutor that had his sights on, of course hunter Biden as well as other people. [00:25:03] So it's a real problem, but. 
Let's set that aside for now, we're talking about Ukraine and the weapon systems who we've been sending over there. There have been rumors out there. I haven't seen hard evidence, but I have seen things in various papers worldwide talking about telegram, saying. The Ukrainians have somehow gotten their hands on these weapons and are selling them on telegram. [00:25:32] Imagine that a effectively kind of a dark web thing, so we're saying the byte administration okay. There, that none of this is going to happen. Why? Because we went ahead and we put into the contracts that they could not sell or share or give any of this equipment away without the explicit permission of the United States, governor. [00:25:57] Okay. That kind of sounds like it's not a bad idea. I would certainly put it into any contract like this, no question, but what could, what happened here? If this equipment falls into the hands of our adversaries or our other Western countries, NATO countries, how do you keep track of them? It's very hard to do. [00:26:18] How do you know who's actually using. Very hard to do so in forcing these types of contracts is very difficult, which makes the contract pretty weak, frankly. And then let's look at Washington DC, the United States, according to the Washington post in mid April, gave Ukraine a fleet of M 17 helicopter. Now, these are my 17 helicopters are Russian, originally Soviet designs. [00:26:51] Okay. And they were bought by the United States. About 10 years ago, we bought them for Afghans government, which of course now has been deposed, but we still have our hands on some of these helicopters. And when we bought them from Russia, We signed a contract. The United States signed a contract promising not to transfer the helicopters to any third country quote without the approval of the Russian Federation. [00:27:23] Now that's according to a copy of the certificate that's posted on the website of Russia's federal service on military technical cooperation. 
Russia has come out and said that our transfer, those helicopters has grossly violated the foundations of international law. And you know what they think it has, right? [00:27:43] Arms experts are saying the Russia's aggression Ukraine more than justifies you. I support, but the violations of the weapons contracts, man, that really hurts our credibility and our we're not honoring these contracts. How can we expect you crane to honor those contracts? That's where the problem really comes in. [00:28:07] And it's ultimately a very big problem. So this emergency spending bill that it, the $30 billion. Makes you crane, the world's single largest recipient of us security assistance ever. They've received more in 2022 than United States ever provided to Afghanistan, Iraq, or Israel in a single. [00:28:33] So they're adding to the stockpiles of weapons that we've already committed. We've got 1400 stinger and the aircraft systems, 5,500 anti-tank missiles, 700 switch blade drones, nine 90. Excuse me, long range Howard. There's that's our Chellora 7,000 small arms. 50 million rounds of ammunition and other minds, explosives and laser guided rocket systems, according to the Washington post. [00:29:03] So it's fascinating to look. It's a real problem. And now that we've got the bad guys who are using the dark web, remember the dark web system that we set up, the onion network. Yeah. That one they can take these, they can sell them, they can move them around. It is a real problem. A very big problem. What are we going to do when all of those weapons systems come back aimed at us this time? [00:29:32] It's one thing to leave billions of dollars worth of helicopters, et cetera, back in Afghanistan is the Biden administration did with her crazy withdrawal tactic. But at least those will wear out the bullets, missile systems, Howard, a different deal. [00:29:51] It seems like the government calls a war on everything, the war against drugs or against poverty. 
Now we are looking at a war against end-to-end encryption by governments worldwide, including our own. [00:30:07] The European Union is following in America's footsteps again, only a few years behind this time. [00:30:16] But it's not a good thing in this case. You might remember, if you have been following cybersecurity like I have, back in the Clinton administration there was a very heavy push for something called the Clipper chip. And I think the whole Clipper chip actually started with the Bush administration, and it was a bad thing because what they were trying to do is force all businesses to use this encryption chipset that was developed and promoted by the National Security Agency. [00:30:52] And it was supposed to be an encryption device that is used to secure voice and data messages. And it had a built-in back door that allowed federal, state, local law enforcement, anybody that had the key, the ability to decode any intercepted voice or data transmissions. It was introduced in '93 and was, thank goodness, [00:31:19] defunct by 1996. So it used something called Skipjack, man, I remember that a lot, and used it to transfer Diffie or, excuse me, Diffie-Hellman key exchange. I've worked with that, maybe for crypto keys that used it. Used the DES algorithm, the Data Encryption Standard, which is still used today. And the Clinton administration argued that the Clipper chip was [00:31:46] absolutely essential for law enforcement to keep up with a constantly progressing technology in the United States. And a lot of people believe that using this would act as, frankly, an additional way for terrorists to receive information and to break into encrypted information. 
And the Clinton administration argued that it would increase national security because terrorists would have to use it to communicate with outsiders, bank, suppliers, contacts, and the government could listen in on those calls, are we supposed to in the United States have a right to be secure in our papers and other things, right? That the federal government has no right to come into any of that stuff unless they get a court order. So they were saying we would take this key. We'll make sure that it's in a lock box, just like Al gore social security money. [00:32:41] And no one would be able to get their hands on it, except anyone that wanted to, unless there was a court order and you know how this stuff goes. And it just continues to progress. A lot worse. There was a lot of backlash by it. The electronic privacy information center, electronic frontier foundation boast, both pushed back saying that it would be. [00:33:05] Only have the effect of have not, excuse me, have the effect of, this is a quote, not only subjecting citizens to increased impossibly illegal government surveillance, but that the strength of the clipper Chip's encryption could not be evaluated by the public as it's designed. It was classified secret and that therefore individuals and businesses might be hobbled with an insecure communication system, which is absolutely true. [00:33:33] And the NSA went on to do some things like pollute, random number generators and other things to make it so that it was almost impossible to have end-to-end encrypted data. So we were able to kill. Many years ago. Now what about 30 years ago? When they introduced this thing? It took a few years to get rid of it, but now the EU is out there saying they want to stop and end encryption. [00:34:00] The United States has already said that the new director of Homeland security has, and as well as Trump's again Homeland security people said we need to be able to break the. 
And we've talked about some of those stories, real world stories of things that have happened because of the encryption. [00:34:20] So the EU is now got our proposal forward. That would force tech companies to scan private messages for child sexual abuse material called CSM and evidence of grooming. Even when those messages are supposed to be protected by indenting. So we know how this goes, right? It starts at something that everybody can agree on, right? [00:34:48] This child, sexual abuse material abductions of children, there's still a lot of slavery going on in the world. All of that stuff needs to be stopped. And so we say, yeah. Okay. That makes a whole lot of sense, but where does it end? Online services that receive detection orders. This is from ARS Technica under the pending European union legislation would have obligations concerning the detection, the reporting, the removal, and blocking of known and. [00:35:20] Child sexual abuse material, as well as the solicitation of children. So what we're starting to see here in the us is some apps, some companies that make smartphones, for instance, looking at pictures that are sent and shared to see if it looks like it might be pornographic in. Because again, we're seeing the younger kids who are sending pictures of each other naked or body parts and they get to others. [00:35:46] If you can believe that. Absolutely incredible. But what happens when you send them using an end-to-end encrypted app? Now, my advice for people who want to keep information private, you're a business person you're working on a deal. You don't go to Twitter like Elon Musk and put it out there for the world. [00:36:08] Although, I'm sure he's got some ulterior motives in doing that. You use an app called signal. That's certainly the best one that's out there right now. It provides a whole lot of encryption and privacy, and even has some stuff built in to break the software. 
That's often used to break into the end to end encryption systems. [00:36:29] So they're trying to get this in place here. They're calling it an important security tool. But it's ordering companies to break that end to end encryption by whatever technological means necessary. It's going to be hard because it's, frankly, it's going to be impossible for them to enforce this because you can take encrypted data and make it look like. [00:36:53] Anything, and man has that happened for a long time? Think of the microdots way back when, certainly in rural world war two and on, they were very popular there's techniques to encrypt data and embedded in a photograph and make it almost impossible to detect. So again they're not going to get to do what they're hoping to do. [00:37:18] And I think that's an important thing for everybody. Please pay close attention to, so they do want to get rid of end-to-end there's WhatsApp out there, which I don't really trust because it's owned by Facebook, but that's supposedly end to end. There's end to end encryption on apple. I message. Although. [00:37:38] Apparently, there are some ways to get into that. I think apple is now maintaining a secondary key that they can use to decrypt, but the back doors that the us has called for and other people have called for. I have been pushed back by companies like apple CEO, Tim cook, oppose the government mandated back doors. [00:38:01] Of course, apple got a major backlash from security experts when in veiled, a plan to how I phones and other devices, scan user photos for child sexual abuse images. That's what I was referring to earlier. And apple put that plan on hold and promised to make changes. But this is apple all over again. And it's hard to say what's the least privacy intrusive way, because if the ISP can read them all, if the company that's providing new with the app that you're using to send the message. 
[00:38:34] I can read them all, how much privacy is there and if they can read it, who else can read it and what can be done with it? Blackmail has happened many times in the past because someone got their hands on something. So what happens when a Congressman or the military or someone in the military uses that? That's another problem. [00:38:54] Because if we don't know the way the encryption is being used or is made, just like was true with the Clipper chip. And then we move on to the next step, which is, okay, so what do we do now with this data that we're storing? Are they going to keep that data confidential? Can they keep it out of the hands of the criminals? [00:39:17] We've certainly found that they just haven't been able to. And if you're talking about grooming, which is what the European Union wants. In other words, someone that's trying to get a child to the point where they're doing something that would be important. You've got to look at all of the messages, you have to have them analyzed by some sort of an AI, artificial intelligence, and then ultimately analyzed by people. [00:39:42] It's just going to get worse and worse. This is the most sophisticated mass surveillance machinery that has ever been deployed outside of China and the USSR. It's absolutely incredible when you look at it from a cryptographic standpoint. And again, we understand protecting the children. We all want to do that, but how far will this end up going? [00:40:06] I also want to point out that new insider show notes that I've been sending out over the last few weeks have had some amazing responses from people. I've had people saying that this is what they look for in their mailbox. It's the first piece of email they read, that it's the most relevant news. But you can only get it one way and that's by going to CraigPeterson.com, you can sign up there. [00:40:33] It's easy enough to do. There's no obligation on your part, right? This is not my paid newsletter. This is absolutely free. 
And it's incredibly valuable. Plus I'll also be sending you, once a week-ish, a small training, just, it takes you a few minutes to read. I just last week went through the firewall in your Windows machine, the firewall, [00:40:56] and gave you step-by-step instructions. Is it turned on? What is it doing? What should it do? How do you turn it on and how do you use it? So you can only get that one way and that's if you are on my email list, so it's important to be there. And if you have any questions, you can hit reply to any of those emails where there's a training, or if it's the insider show notes, just hit reply. [00:41:22] And I'll go ahead and answer your question. You might have to wait a few days 'cause I can get pretty busy sometimes, but I always answer. So, me@craigpeterson.com. Anybody can send me email and you can also text me at 6 1 7 503 2 2 1 6 1 7 5. 3, 2, 2, 1 with any questions. That's it for right now, there is so much more. [00:41:51] Make sure you sign up right now. And of course there's more coming right up. So stick around. [00:42:04] Jam packed today. We're going to start with non-fungible tokens. If you don't know what those are, this is a very big deal because so many people are investing in them right now. Are they really investments? I've got a bit of a blowback here. Most people think that Bitcoin is anonymous. We're going to talk about how it absolutely is not. [00:42:24] We're going to talk about Anonymous. In fact, the Russians, Microsoft, what they're doing against the Russians and this little comedic thing about cars. [00:42:32] NFTs are a very big deal. [00:42:34] I'm going to pull up here on my screen right now. This is a picture of Mr. Jack Dorsey. We'll go full screen, an article from a website called CoinDesk. CoinDesk is one of these sites that really tries to track what's happening out there in the Bitcoin community. Of course, nowadays it's much more than Bitcoin. [00:42:57] Isn't it? We're talking about all kinds of. 
Different currencies that have a blockchain backend. They're called cryptocurrencies basically. But the big one was of course, Bitcoin. And there is a whole concept. Now, when we're talking about things like cryptocurrencies and these non-fungible tokens. People have been investing in them [00:43:23] like crazy. People are making millions of dollars every week. Now, remember, I am not an investment advisor and particularly I'm not your investment advisor. So take all the. To your investment advisor. I'm not telling you to buy them. I am telling you to be cautious here though, because these non-fungible tokens are designed to give you the ability to be able to just own something in the digital world. [00:43:52] What might you own in the digital world? We've had a lot of different stuff. We've seen some just crazy monkey things. Have you seen those, these little pictures of monkeys? They're graphic designed and it's all animated, if you will. It's like cartoons and people pay money for them. One of the things that people paid money for was the rights to the first tweet ever on Twitter. [00:44:20] So that's what you're getting. When we're talking about an NFT on a non fungible transaction, it is now yours. So this particular NFT we're talking about was of our friend here, Jack Dorsey. We'll pull it up again, this article, and he had a tweet that was sold last year for $48 million. That is a lot of money. [00:44:47] So people look at this as an investment, but it's not the same as hanging art on the wall. You've got a Picasso that has some intrinsic value. It's a painting. It has all the oil paint on that, it was designed by and painted by a crazy man years ago. And you can take that Picasso and you can [00:45:11] turn it around and sell it. It has some real value. If you own the rights to something, let's say it's one of these monkey pictures. It reminds me of a postage stamp and you paid real money for it. 
Some of these things are going, as I said, for over a million dollars and this Jack Dorsey first tweet went for $48 million. [00:45:31] So let's say that's what you did, right? You bought this thing for $48 million. Really? What do you have? Because anybody can go online and look at that tweet. Anybody can print it up and stick it on a wall. Anybody can go out and get that picture of the monkeys right there. The guy drew, and you can look at it. [00:45:54] In fact, I can pull it up right now, if you want to do. But people paid real money for that. So they've got what really? What do they have? You can't take it off the wall, like your Picasso, and sell it, right? Or Banksy, if you're into the more modern art, it's just not. What is doable? How do you make this work? [00:46:15] Only the NFT only gives you bragging rights in reality. That's what it does. You have bragging rights because you could take that digital picture and make a hundred quadrillion copies. Yeah, you'd still own the NFT, you would still have in the blockchain for whatever NFT company you're using the rights to it. [00:46:41] They would say this, you owned it. So let's talk about the blockchain behind it. There are a lot of companies that are trying to give you that. Okay. All right. I get it. Yeah, I get to own it. But who's running the blockchain behind it? Who's validating that you own it? With Bitcoin and many of these other blockchain currencies that are out there, [00:47:08] there are various companies and individuals who are registered, who have all of the paperwork, if you will, saying who owns how much of what, and who paid who and everything. And that by the way, is why it takes so long for some of these Bitcoin and other transactions to occur. But how about the NFT? There are tons of companies out there that say they will certify the NFT. [00:47:38] So it gets to be a real problem. 
And when we get into this Jack Dorsey tweet and this article about it, which, let me pull it up again here for you guys. This guy Sina bought the very first tweet ever from Twitter founder Jack Dorsey for $2.9 million last year. And he decided that he wanted to sell it. [00:48:07] So he listed it for sale again at $48 million last week. Real. He put it up for open bid and this article in CoinDesk is talking about that. And you can see that if you're watching me on Rumble or YouTube, I'm showing you my screen here right now. But this Iranian-born crypto entrepreneur named, again, [00:48:32] Estavi purchased it for $2.9 million in March 2021. Last Thursday, he announced on Twitter where out, that he wanted to sell this NFT. And he said, Hey, listen, I'm going to put 50% of the proceeds to charity. Well, the auction closed. This was an open auction. People could go and bid on it, and that auction closed [00:49:00] with an offer of basically $288, $277 at current prices when this article was written, $277, and the lowest bid was $6. And as I recall, this is not in this article, but there were only a handful of bids. Like, when I say handful, I mean a half a dozen bids. Crazy. This is a real problem because the deadline is over. [00:49:31] He paid how much for it, right? How much did he pay? Pull that up again. $2.9 million last year. And his highest bid was in the neighborhood of $280. Isn't that crazy? So did he get money on this? Did he win money on this? I don't know. I'm looking at those saying, is it worth it to buy something like that? [00:49:59] That you might think, oh, the very first Apple computer, an Apple. Well, that's going to be worth some serious money. Yeah, it is. It's something you can grab onto, you can hold onto it, it's something and you can sell it. You can trade it. You can take a picture of it. You can't make digital copies of it. [00:50:20] You, you, it's a physical thing. That's worth something. 
Same thing with that Picasso on the wall, it's really worth something that has some basic intrinsic. Jack's true tweet. The very first tweet. How much is that thing worth? It's basically nothing. So the tweet is showing, he'll pull it up on the screen again, that he's selling @jack 2006-03-21 at 8:50:14 PM. [00:50:50] Just setting up my Twitter. So there you go. There's Jack is very first to. And it's absolutely amazing. Is it worth it? Let me pull up some other stuff here for you guys. I'm going to pull this up, here is Coinbase launching an NFT marketplace in hopes of appealing to crypto and mainstream users. So here's some examples from a man and FTEs. [00:51:16] I'm going to zoom in on this for those of you guys watching on Rumble or on Twitter. All right. Mean. Yeah actually you can see it on Twitter too, but YouTube, here you go. Here's some NFTs, it's artwork and it's a creature. So you can buy creature number 7806 right now for six ETH. So let me see. [00:51:39] Value of six. Ethereum is what? Ethereum to US dollars. So for 3,000 and $84. As of right now, you can get a crappy picture that even I could have drawn, okay, of this guy, and look at all of the work this artist has put in. There's how many of these up here? 1, 2, 3, 4, or five, 10 of them. And it's the same head. [00:52:08] Each time it looks like this, almost the same eyes. He changes colors and he's got different background. It's absolutely not. So that's what they're trying to do right now, trying to sell these NFTs. So who's going to buy that? Who's going to pay $3,000 for artwork that Hunter Biden could have done with a straw. [00:52:30] Anchored around. Here's another one. This is from Ledger Insights. NBA's launching dynamic NFTs for fans, baseball cards for the NBA that are basically just worthless. They're NFTs, non-fungible tokens. It has taken the crypto world by storm and people are losing millions as you look, but it really is changing the e-commerce world. [00:52:58] Stick around. 
We'll be right back. [00:53:02] Bitcoin, blockchain. All of the rage, a lot of people are talking about it, but I got to say most people who are talking don't know much about it. And when it comes to anonymity, Bitcoin is probably the worst thing you could possibly do. It's amazing. [00:53:20] There are a lot of misconceptions out there when it comes to technology, you have almost any kind of technology, and blockchain and Bitcoin are examples of a very misunderstood technology. [00:53:35] Now I'm not talking about how does it work? How are these ledgers maintained? How does this whole mining thing work? Why has China banned it? Why are a lot of countries going away from it? One country now, the dictator said, yeah, we're going to use Bitcoin as our official currency in addition to the US dollar. What's going on? [00:53:57] It is complicated behind the scenes. It's complicated to use. Although there are some entrepreneurs that have made some great strides there. I saw a documentary on what has been happening in that one country I mentioned. They are able to pay in US dollars using Bitcoin. So they'll go up to a vendor on the street. [00:54:22] Quite literally they'll have their smartphone with them. The vendor has their smartphone. They type in 15 cents for the taco and hit send. It goes to the other person and they have 15 cents worth of Bitcoin. By the way, these types of micro-transactions, with the way Bitcoin is structured behind the scenes, make things even less manageable in the Bitcoin world than they have been in the past. [00:54:50] And that's why, in case you didn't know, Bitcoin is making some major changes here fairly soon. They've got to change the way all of this ledger stuff works because it takes too long to record and authorize transactions. And these ledgers just get way too long when it comes to all of these kinds of microtransaction. 
[00:55:14] So there's stuff going on, Bitcoin, there, there are many of these types of currencies out there. Ethereum's one. You've heard about Dogecoin because of course that's what Elon Musk has been talking about, and many others, and they're all different somewhat, but the main concepts are the. One of the big concepts, I'm going to pull an article up here on the screen for those watching on YouTube or also on Rumble. [00:55:39] But this is an article from our friends at Wired magazine. And now you have subscribed to Wired for many years. This particular one is about what Wired is calling the crypto trap. Now that's a very big deal. It is a trap and it's a trap in a lot of different ways. And that's what we're going to talk about right now. [00:56:05] Crypto is not what its name implies. A lot of people look at it and say, oh, crypto, that's cryptography. That's like the German Enigma machine in World War Two and all of this new, great crypto that we have nowadays. And there are some pretty amazing new cryptographic technologies that we've been using, but no, that's not [00:56:26] what's really going on. You see, the basic premise behind all of these technologies is the concept of having a wallet. And this wallet has a unique identifier. It has a number assigned to it. So if I'm sending money to you, I'm going to have your wallet ID, your wallet number, and I'm going to now send you some amount of fraction, most likely, of a cryptocurrency. [00:56:55] It's certainly if it's Bitcoin, it's almost certainly a fraction. And so I'm going to send you $100 worth of, let's say. What ends up happening now is these ledgers, which are public, are all going to record that Craig sent you a hundred dollars worth of Bitcoin. Of course, it's going to be in a fraction of a Bitcoin. [00:57:16] So sometimes there's rounding errors, it's not going to be really exactly a hundred dollars. Plus there's the amazing amount of volatility in the cyber currencies. 
So even though I meant just hitting a hundred dollars, mine ended up being 110 if it goes up. It might be 90 if it goes down. You get that. [00:57:34] You don't understand how that works. So the problem now is I have sent you a hundred dollars. And public ledgers that anyone can gain access to now say wallet number 1234 sent a hundred dollars to wallet number 5678. Obviously the wallet numbers are a lot longer than that. So then it's fine. [00:57:58] And there's a degree of anonymity there, it's really called pseudo-anonymity because in reality, it's not completely anonymous because people know the transaction occurred and they know the wallet numbers. Correct. It's like a bank account, and if I'm putting money into your bank account, that bank account number knows that the money came from a check that I wrote. [00:58:21] Can you imagine that, someone writing a check and that check had a number on it, a bank account number, right? So it can all be tracked. Well, much the same thing is true when it comes to cryptocurrencies. These cryptocurrencies are in public ledgers and those public ledgers can be used with a little bit of work to figure out [00:58:42] who you are. So this article here from our friends at Wired gets really hairy. And it might be of interest to you to read, but this is talking about a take-down that happened, and this is a massive take-down. This take-down was of a whole group of people who were involved in some really nasty stuff. [00:59:09] In this particular case, what it was kitty. Just a terrible thing and the abuse surrounding it. So this article goes into not a lot of detail. I'm not going to read it here on the air, because I don't want to upset too many people. 'Cause some of the details of this, even to think about them, are incredible. [00:59:29] But the police broke into this middle-class suburb home in the outskirts of Atlanta. And there was Homeland Security. 
It was a guy from the IRS and they came in, they took all of their electronic devices. They separated the family, putting the father, who is an assistant principal at the local high school, assistant principal, [00:59:57] and he was the target of this investigation. So they had him in one room, they had his wife in another room and they put the two kids into a third room and they started questioning him. Now, this is part of a takedown of a, as I said, a whole ring of these people, including this assistant principal at a school. [01:00:20] Can you believe that? So this IRS guy had flown in from Washington DC to have a look over what was going on, but this agent from the IRS and his partner whose name is let's see, his name was Jenn S Scouts. I probably got that wrong. And Tigran GAM bar Yan, Cambodian, and they had a small group of investigators and they were at a whole bunch of different federal agencies, not just the IRS. [01:00:48] What once seemed to be untraceable was no longer traceable. Now I've talked on this show before about a lecture I went to by the Secret Service about how they had tracked down and shut down the world's largest website that was being used to sell illegal materials online. And it's fascinating what they did. [01:01:12] But frankly, they're calling this particular bust a proof of concept and that's why the IRS was in on this as well, but it was huge. Here's a quote from the IRS agent in this Wired magazine article. He's saying he remembers how the gravity of this whole thing. Let me pull this up on the screen too. [01:01:32] So you can read along here, but this was a high school administrator, a husband, and a father of two. Whether he was guilty or innocent, the accusations this team of law enforcement agents were leveling against him, their mere presence in the home, would almost certainly ruin his life. And he, as well as these other people, were counting on anonymity from Bitcoin. 
[01:01:59] Now, obviously I'm glad they got taken down, but listen, folks, if you think that it's safe, that it's anonymous, it ain't. Bitcoin just ain't there. CraigPeterson.com. Stick around. [01:02:15] I've been blamed for really complaining about people not updating their software. And that includes things like firewalls. The FBI has stepped in and they are going ahead and doing updates for you. [01:02:30] So once you get into this, because this is, I think, something that should concern all of us, what should we be doing as a country? [01:02:40] People aren't updating their software. They're not updating their hardware. And particularly our hardware. Take a look at what's been happening with the firewalls and the firewall concerns. Everybody has some sort of firewall. Well, almost everybody, but enough people that we can say everybody has a firewall. You get your internet from, you name it. [01:03:05] And because of the fact they're using something called NAT, network address translation, they've got some sort of firewall in front of you. So for instance, you've got your phone, right? You're using your phone and it's got internet on it. You're going through whoever your carrier is. And that carrier is giving you internet access, right? [01:03:28] They don't have enough IP addresses, particularly IPv4, in order for you to get your very own unique little address out on the. Now, they do when it comes to v6, things are a little bit different, but your device is not completely exposed on the internet. Windows comes with a firewall. And by default, the Windows firewall is turned on. [01:03:50] Now this gets more than a little concerning because that firewall that's turned on isn't really doing anything, because I've got a firewall turned on and yet every service is accessible from outside, which is defeating the purpose of the firewall. Again, it's a complaint I've had about Microsoft now for. 
It's got a firewall. Yeah, it's turned on, but the features don't work. So having a firewall and having everything open defeats the purpose of a firewall. Macs do not have a firewall turned on by default, but they do have their services disabled. [01:04:33] Which is just as effective if not more effective. So one of the things we advise people to do is go into your Windows system, into the firewalls and your security settings, and turn off any services that you're not using. If you're not sharing file systems, then turn that off. In other words, you're mounting the G drive or whatever you might call it from another computer, then you don't need it. [01:04:59] If you're not a server for what's called SMB, then you don't need to share it. So turn off everything that you don't need. What's going to happen is one of your programs isn't going to work, right? And then, what you did last year, you're going to turn it back on and you can do a lot of research online to find out what they are. [01:05:18] We have over 200 settings that we change in Windows when we get a customer. Now on the Mac side, you can turn it on. I like turning it on. I like turning off the ability to see my machine. So in other words, the ability to be able to. So I turned it on and I enable specific services. And again, you can do some research on that. [01:05:44] I've got an Improving Windows Security course that people have taken, and we should probably do that again, if not just have some free webinars on how to do this. So you guys can learn how to do it, but it's not that hard to do. Anyhow, bottom line is, people aren't updating their computers, even the Macs and Windows. [01:06:06] We have a client that we just started, a new client, and we're tightening things up and we've been finding Mac computers that are major, multiple major revisions behind. And that to me is shocking. Apple Macs are just so easy to update. 
It is extremely rare that an Apple update will make your computer break, unlike in the Windows world, where it's pretty common. [01:06:32] So Windows guys, I can understand, but you're even more exposed, you're a bigger target, you need to keep up to date. So how about all of the other equipment that we. I've had warnings again and again with you guys about what's happening with our smart devices that are out there, right? Our security cameras we have up in the corner, right? [01:06:56] We have these smart thermostats people are using, the list goes on and on of all of this equipment that we're using that is exposing us, because when was the last time you have. How about the firmware in your router or your wifi, right? Some of the devices that I recommend to people, and if you have any questions, just email me, me@craigpeterson.com. [01:07:19] I can give you recommendations, even if you're a home user. Although my business obviously is working with businesses on what kind of wifi to buy, what you should get, what you should do. I don't charge for any of that stuff. Okay. You get it. But you have to ask. Me@craigpeterson.com. So you get this information and you go ahead and you buy whatever it is, but you don't keep it up to date, which is why I tend to only recommend stuff that automatically updates. [01:07:48] But that also means every few years you're going to have to replace it, because unless you're using the good Cisco equipment where you can get a seven-year life out of it, you're not gonna find that in consumer grade. So what's happened here. I'm going to pull this up on my screen for people watching this on YouTube or on Rumble. [01:08:07] But here is a thing that came straight out of our friends here from the FBI. This is from CSO. This is a magazine that I do follow. But they're talking about what they call Cyclops Blink. 
So the article says for the second time in a year, the FBI has used a search and seizure warrant to clean malware from devices owned by private businesses and users without their explicit approval. [01:08:40] The FBI used this approach to disrupt a botnet believed to be the creation of Russian government hackers. So they're calling this Cyclops Blink, malware discovered earlier this year. So here's the problem. What do you do if you're the federal government, how do you try and keep your country safe? [01:09:05] Now we know. We've got these military contractors. They make missiles that take out missiles, right? They provide defensive systems. You've heard of Iron Dome from years ago, all the way through all of the current stuff. That's what they do, but what do they do? What can they do when there's a botnet? A botnet is where there are multiple computers, in this case, probably tens of thousands of computers located in the United States, that are acting like sleeper. [01:09:36] They sit there and they wait for commands as to what they should do. Should they try and attack a machine? Should they try and spread more malware? What should they be doing? And these things are vicious. They are absolutely nasty. And in this case, we're looking at Russian malware. So Russia, effectively, like The Americans, [01:09:59] you might remember that TV show. It was a great show, but that. Computers that are owned by you and me and our businesses and government agencies that are under the control of the Russians. Now you don't even know it. You're using your computer or you're playing games. You're going to Facebook, whatever it is you do on your computer. [01:10:20] Your computer is under command and control of the Russians. So the FBI goes to a court and says, Hey, we've got to go ahead and shut this down. We need a warrant. They get the warrant and the search and seizure warrant lets them now. 
Get on to these machines that are part of the botnet or the controlling machines for the botnet, and either remove the malware or go ahead and take control of the botnet themselves. [01:10:49] So it can't be used. And by the way, our friends at Microsoft, they've gotten involved in this too, which is really, frankly, cool, in shutting down some of these botnets. Hey, I want to encourage everyone. Take a couple of minutes, go to CraigPeterson.com/subscribe. That's Craig Peterson, C-R-A-I-G P-E-T-E-R-S-O-N. [01:11:12] And subscribe, and I'll be sending you a special report on passwords. Plus two more. I send out the most popular special reports that anybody has ever asked for. [01:11:25] Hey, I've got a little bit more to discuss on what's happening with Russia and Microsoft and more, but I'm also going to talk about QR codes. There is a great explanation that's in your newsletter from Monday about why you shouldn't trust them. [01:11:41] Let's finish up this Russian thing. And then we're going to get into why you cannot trust QR codes and a brand new way [01:11:51] the bad guys are using QR codes to really mess with us. Now, if you're watching over on either YouTube or on Rumble, you'll see this. Let me pull up my screen for you. But here we go. Okay. This is very interesting. In the last segment, we talked a little bit about what our friends over at the FBI had been doing, which is they have been removing malware from people's computers because people haven't been keeping their computers up-to-date, right. [01:12:26] Part of the botnets. So we explained that. The FBI isn't the only one out there trying to stop these Russians and the hackers. Anonymous has been very big at it. In fact, let me pull up this other article. This is from Security Affairs. And here we go. And it's talking about this whole army of these Anonymous hackers. [01:12:50] Now Anonymous has been a nightmare for many businesses that they didn't like. 
And Anonymous will go ahead and they'll do usually pretty basic stuff. They'll do denial of service attacks and some other things, so they don't like you because of the Don't Say Gay bill in Florida, and, without bothering to do any research, they'll just start attacking organizations that support it, or organizations that don't support it, depending on how they want to do it. So this is an interesting article here, because it's talking about these various websites that they've hacked. Now, some of them are government sites and some of them are private industries. Now, one of the cool things, bad things, about hacking private industry and releasing the emails is now the competitors to these businesses know what they're doing. [01:13:46] And in some cases there's proprietary technology that's being released. Now, when it comes to Russian proprietary technology, the Western world doesn't care a whole lot about some of it, but here's some examples of what these hacktivists have got. This is a company called Forest: 37,000 emails stolen from the company, a Russian logging and wood manufacturing firm. [01:14:09] Again, it would give a little bit of an idea into the whole Russian, what are they doing in the forest industry. This one, I think, is a little more concerning for the Russians: Aerogas. This is an engineering company that focuses in the oil and gas industry. Their clients include a whole bunch of Russian companies. [01:14:30] They've leaked approximately 100,000 emails from Aerogas. That is a huge deal because so much of the country's revenue, the number one industry in Russia, is oil and gas. Petrofort, one of the largest office space and business centers in St. Petersburg, the hackers have leaked approximately 300,000 emails from Petrofort. [01:14:56] Again, you can use that to find out what's happening in your economy. What. Doing how are businesses doing? Are they going to go under? So you can see some tweets here. 
I've got them up on my screen on YouTube and Rumble, Anonymous, what they're saying that they've done, and you can follow Anonymous directly on Twitter. [01:15:14] Particularly fond of them. They've done a lot of things that I disagree with. This is really telling us about a whole new approach to warfare, right? Back in the day, you and I couldn't get involved, we could potentially take up arms and go and fight right there, and think about the Spanish-American War. [01:15:33] Think about what's happening now in Ukraine, where Americans have just gone over there, taken up firearms in order to help them defend Ukraine. People who are maybe of Ukrainian descent, maybe not, right. We have never seen this type of involvement by average citizens, because Anonymous is not like some big fancy company or government agency. Anonymous is a bunch of people who are trying to be anonymous and do something. [01:16:05] So they stole 145 gigabytes. Look at this. It's just crazy. So here. The Anonymous Twitter thread itself, right? Talking about what. It's absolutely incredible. Incredible. So that's what Anonymous is up to. They are hacking Russia and they're hacking Russia in a big way. Now, next stop. We have our friends at Microsoft. [01:16:30] Microsoft has been seizing Russian domains that they are accusing of having been linked to these Russian hackers that have been going after think tanks and government agencies in the US and the. He kn

    Facebook Has No Idea Where Your Data Is and What They Do With It?!

    May 13, 2022 (82:20)

    Facebook Has No Idea Where Your Data Is and What They Do With It?! Facebook's about 18 years old coming on 20 Facebook has a lot of data. How much stuff have you given Facebook? Did you fall victim for that? Hey, upload your contacts. We'll find your friends. They don't know where your data is. [Following is an automated transcript] [00:00:15] This whole thing with Facebook has exploded here lately. [00:00:20] There is an article that had appeared on a line from our friends over at, I think it was, yeah. Let me see here. Yeah. Yeah. Motherboard. I was right. And motherboards reporting that Facebook doesn't know what it does with your data or. It goes, no, there's always a lot of rumors about different companies and particularly when they're big company and the news headlines are grabbing your attention and certainly Facebook can be one of those companies. [00:00:57] So where did motherboard get this opinion about Facebook? Just being completely clueless about your personal. It tamed from a leaked document. Yeah, exactly. So we find out a lot of stuff like that. I used to follow a website about companies that were going to go under and they posted internal memos. [00:01:23] It basically got sued out of existence, but there's no way that Facebook is going to be able to Sue this one out of existence because they are describing this as. Internally as a tsunami of privacy regulations all over the world. So Gores, if you're older, we used to call those tidal waves, but think of what the implication there is of a tsunami coming in and just overwhelming everything. [00:01:53] So Facebook, internally, their engineers are trying to figure out, okay. So how do we deal with. People's personal data. It's not categorized in ways that regulators want to control it. Now there's a huge problem right there. You've got third party data. You've got first party data. You've got sensitive categories, data. 
[00:02:16] They might know what religion you are, what your persuasions are in various different ways. There's a lot of things they might know about you. How were they all cat categorize now we've got the European union. With their general data protection regulation. The GDPR we talked about when it came into effect back in 2018, and I've helped a few companies to comply with that. [00:02:41] That's not my specialty. My specialty is the cybersecurity. But in article five this year, peon law mandates that personal data must be collected for specified explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. So what that means is that every piece of data, like where you are using Facebook or your religious orientation, Can only be collected in use for a specific purpose and not reused for another purpose. [00:03:19] As an example here, that vice has given in past Facebook, took the phone number that users provided to protect their accounts with two factor authentication and fed it to its people, feature as well as. Advertisers. Yeah. Interesting. Hey, so Gizmodo with the help of academic researchers caught Facebook doing this, and eventually the company had to stop the practice because, and this goes back to the earlier days where Facebook would say, Hey, find out if your friends are on Facebook, upload your contacts right now. [00:03:54] And most people. What did you know back then about trying to keep your data private, to try and stop the proliferation of information about you online then nothing. I think I probably even uploaded it back then thinking it'd be nice to see if I got friends here. We can start chatting, et cetera. 
[00:04:12] According to legal experts that were interviewed by motherboard who wrote this article and has a copy of the internal memo this year, PN regulation specifically prohibits that kind of repurposing of your phone number of trying to put together the social graph and the leaked document shows that Facebook may not even have the ability to live. [00:04:37] How it handles user's data. Now I was on a number of radio stations this week, talking about this. And the example I gave is just look at an average business from the time it start, Facebook started how right? Wildly scraping pictures of young women off of Harvard university. Main catalog, contact page, and then asking people what do you think of this? This person, that person. And off they go, trying to rate them. Yeah. Yeah. All that matters to a woman, at least to Courtney, to mark Zuckerberg girl, all the matters about a woman is how she looks. Do I think she's pretty or not? [00:05:15] It's ridiculous. What he was doing. It just, oh, that's zackerburg who he is not a great guy anyways. So you go from stealing pictures of young ladies asking people to rate them, putting together some class information and stuff there at Harvard, and then moving on to other universities and then open it up even wider and wider. [00:05:42] And of course, that also created demand because you can't get on. If you're not at one of the universities that we have set it up for. And then you continue to grow. You're adding these universities, certainly starting to collect data and you are making more money than God. So what do you do? You don't have to worry about any efficiencies. [00:06:02] I'll tell you that. Right? One thing you don't have to do is worry about gee. We've got a lot of redundant work going on here. We've got a lot of teams working on basically the same thing. No, you've got more money than you can possibly shake a stick at. So now you go ahead and send that money to this group or that group. 
[00:06:24] And they put together all of the basic information, that they want. Pulling it out of this database and that database in there doing some correlation, writing some really cool CQL queries with mem credible joins and everything else. And now that becomes part of the main code for Facebook. [00:06:45] And then Facebook goes on to the next little project and they do the same thing. Then the next project, then the next project. And then someone comes along and says, Hey, we. This feature, that feature for advertisers and then in that goes, and then along comes candidate Obama. And they, one of the groups inside Facebook says, yeah here we go. [00:07:09] Here's all of the information we have about everybody and it's free. Don't worry about it. And then when Trump actually bought it and hired a company to try and process some of that information he got in trouble. No but the. The whole campaign could get access to anything they wanted to, again, because the data wasn't controlled, they had no idea who was doing what with the data. [00:07:34] And according to this internal memo, they still don't know. They don't even know if they can possibly comply with these regulations, not just in Europe, but we have regulations in pretty much all of the 50 states in the U S Canada of course, has their own Australia and New Zealand think about all the places. [00:07:57] Facebook makes a lot of. So here's a quote from that we build systems with open borders. The result of these open systems and open culture is well-described with an analogy. Imagine you hold a bottle of ink in your hand, the bottle of ink is a mixture of all kinds of user data. You pour that ink into a lake of water and K and it flows every year. [00:08:22] The document read. So how do you put that ink back in the bottle? I, in the right bottle, how do you organize it again? So that it only flows to the allowed places in the lake? They're totally right about that. Where did they collect it from? 
Apparently they don't even know where they got some of this information. [00:08:43] This data from reminds me of the no fly list. You don't know you're on it and you can't get yourself off of it. It's crazy. So this document that we're talking about, it was written last year by. Privacy engineers on the ad and business product team, whose mission is to make meaningful connections between people and businesses and which quote sits at the center of our monetization strategy. [00:09:06] And is the engine that powers Facebook's growth. Interesting. Interesting problems. And I see this being a problem well into the future for more and more of these companies, look at Twitter as an example that we've all heard about a lot lately. And then I've talked about as well along comes Elon Musk and he says wait a minute. [00:09:29] I can make Twitter way more profitable. We're going to get rid of however many people over a thousand, and then we are going to hire more people. We're going to start charging. We're going to be more efficient. You can bet all of these redundancies that are in Facebook are also there. And Twitter also has to comply with all of these regulations that Facebook is freaking out about it for a really a very good reason. [00:10:00] So this document is available to anybody who wants to look at it. I'm looking at it right now, talking about regulatory landscape and the fundamental problems Facebook's data lake. And this is a problem that most companies have not. As bad as Facebook does the button. Most companies you write, you grow. I have yet to walk into a business that needs help with cybersecurity and find everything in place as it should be because it grew organically. [00:10:32] Do you started out with a little consumer firewall router, wifi, and then you added to it and you put a switch here and you added another switch behind that and move things around. This is normal. 
This is not total incompetence on the part of the management, but my gosh, I don't know. Maybe they need an Elon Musk. [00:10:52] Just straighten them out as well. Hey, stick around. I'll be right back and sign up online@craigpeterson.com. [00:11:02] Apparently looting is one of the benefits of being a Russian soldier. And according to the reports coming out of Ukraine, they've been doing it a lot, but there's a tech angle on here that is really turning the tables on these Russian Looters. [00:11:19] We know in wars, there are people that loot and typically the various militaries try and make sure, at least recently that looting is kept to an absolute minimum. [00:11:32] Certainly the Americans, the British, even the Nazis during world war II the the socialists they're in. Germany they tried to stop some of the looting that was going on. I think that's probably a very good thing, because what you end up with is just all of these locals that are just totally upset with you. [00:11:57] I found a great article on the guardian and there's a village. I hadn't been occupied for about a month by Russian troops and the people came back. They are just shocked to see what happened in there. Giving a few examples of different towns. They found that the alcohol was stolen and they left empty bottles behind food wrappers, cigarette butts, thrown all over the place in apartments in the home. [00:12:26] Piles of feces blocking the toilets, family photographs torn, thrown around the house. They took away all of the closes as a code from one of the people, literally everything, male and female coats, boots, shirts, jackets, even my dresses and laundry. This is really something. The Sylvia's didn't do this, but now Russia. [00:12:49] The military apparently does. 
So over the past couple of weeks, there have been reporting from numerous places where Russian troops had occupied Ukrainian territory and the guardian, which is this UK newspaper collected evidence to suggest looting by Russian forces was not merely a case of a few way, word soldiers, but a systematic part of Russian military behavior across multiple towns. [00:13:17] And villages. That's absolutely amazing. Another quote here, people saw the Russian soldiers loading everything onto your old trucks. Everything they could get their hands on a dozen houses on the villages. Main street had been looted as well as the shops. Other villagers reported losing washing machines, food laptops, even as sofa, air conditioner. [00:13:41] Being shipped back, just you might use ups here or they have their equivalent over there. A lady here who was the head teacher in the school, she came back in, of course, found her home looted and in the head teacher's office. She found an open pair of scissors that had been jammed into a plasma screen that was left behind because if they can't steal it, they're going to destroy it. [00:14:07] They don't wanna leave anything behind. They found the Russian to take in most of the computers, the projectors and other electronic equipment. It's incredible. So let's talk about the turnaround here. You might've heard stories about some of these bad guys that have smashed and grabbed their way into apple stores. [00:14:27] So they get into the apple store. They grab laptops on iPads, no longer iPods, because they don't make those anymore. And I phone. And they take them and they run with them. Nowadays there's not a whole lot of use for those. Now what they have been doing, some of these bad guys is they'd take some parts and use them in stolen equipment. [00:14:52] They sell them on the used market, et cetera. But when you're talking about something specific, like an iPhone that needs specific activation. 
Completely different problem arises for these guys because that iPhone needs to have a SIM card in order to get onto the cell network. And it also has built in serial numbers. [00:15:15] So what happens in those cases while apple goes ahead and disables them. So as soon as they connect to the internet, they didn't say they put them on wifi. They don't get a SIM card. They don't. Service from T-Mobile or Verizon or whoever it might be. So now they just connect to the wifi and it calls home. [00:15:33] Cause it's going to get updates and download stuff from the app store and they find that it's been bricked. Now you can do that with a lot of mobile device managers that are available for. All kinds of equipment nowadays, but certainly apple equipment where if a phone is lost or stolen or a laptop or other pieces of equipment, you can get on the MDM and disable it, have it remotely erase, et cetera. [00:16:00] Now, please have had some interesting problems with that. Because a bad guy might go ahead and erase a smartphone. That's in the evidence locker at the police station. So they're doing things like putting them into Faraday cages or static bags or other things to try and stop that. So I think we've established here that the higher tech equipment is pretty well protected. [00:16:25] You steal it. It's not going to do you much. Good. So one of the things the Russian stole when they were in a it's called a, I think you pronounced. Melad Mellott DePaul which is again, a Ukrainian city is they stole all of the equipment from a farm equipment dealership and shipped it to check. Now that's according to a source in a businessman in the area that CNN is reporting on. [00:16:56] So they shipped this equipment. We're talking about combine harvesters were 300 grand a piece. They shipped it 700 miles. And the thieves were ultimately unable to use the equipment because it had been locked remotely. 
So think about agriculture equipment that John Deere, in this case, these pieces of equipment, they, they drive themselves. [00:17:23] It's atonomous it goes up and down the field. Goes to any pattern that you want to it'll bring itself within a foot or an inch of your boundaries, of your property being very efficient the whole time, whether it's planting or harvesting, et cetera. And that's just a phenomenal thing because it saves so much time for the farmer makes it easier to do the companies like John Deere. [00:17:49] Want to sell as many pieces of this equipment as they possibly can. And farming is known to be a what not terribly profitable business. And certainly isn't like Facebook. So how can they get this expensive equipment into the hands of a lot of farmers? What they do is they use. So you can lease the equipment through leasing company or maybe directly from the manufacturer and now you're off and running. [00:18:16] But what happens if the lease isn't paid now? It's one thing. If you don't pay your lease on a $2,000 laptop, right? They're probably not going to come hunting for you, but when you're talking about a $300,000 harvester, they're more interested. So the leasing company. Has titled to the equipment and the leasing company can shut it off remotely. [00:18:41] You see where I'm going with this so that they can get their equipment in the hands of more farmers because the farmers can lease it. It costs them less. They don't have to have a big cash payment. You see how this all works. So when the Russian forces stole this equipment, that's valued, total value here is about $5 million. [00:19:02] They were able to shut it all off. And th the, obviously if you can't start the engine, because it's all shut off and it's all run by computers nowadays, and there's pros and cons to that. I think there's a lot of cons, but what are you going to do? How's that going to work for? Isn't going to work for you. 
[00:19:22] And they were able to track it and had GPS trackers find out exactly where it was. That's how they know it was Tara taken to Chechnya and could be controlled remotely. And in this case, how did they control it? They completely. Shut it off, even if they sell the harvesters for spare parts to learn some money, but they sure aren't gonna be able to sell them for the 300 grand that they were actually worth. [00:19:48] Hey, stick around. We'll be right back and visit me online@craigpeterson.com. If you sign up there, you'll be able to get my insider show notes. And every week I have a quick. Training right there. New emails, Craig Peterson.com. [00:20:05] If you've been worried about ransomware, you are right to worry. It's up. It's costly. And we're going to talk about that right now. What are the stats? What can you do? What happens if you do get hacked? Interesting world! [00:20:20] Ransomware has been a very long running problem. I remember a client of ours, a car dealership who we had gone in. [00:20:31] We had improved all of their systems and their security, and one of them. People who was actually a senior manager, ended up downloading a piece of ransomware, one of these encrypted ones and opened it up and his machine all of a sudden, guess what it had ransomware on it. One of those big. Green's that say, pay up and send us this much Bitcoin, and here's our address. [00:21:00] All of that sort of stuff. And he called us up and said, what's going on here? What happened? First of all, don't bring your own machine into the office. Secondly, don't open up as particularly encrypted files using a password that they gave. And thirdly, we stopped it automatically. It did not spread. [00:21:20] We were able to completely restore his computer. Now let's consider here the consequences of what happened. So he obviously was scared. And within a matter of a couple of hours, we actually had him back to where he was and it didn't spread. 
So the consequences there, they weren't that bad. But how about if it had gotten worse? [00:21:47] How about if the ransomware. Also before it started holding his computer ransom, went out and found all of the data about their customers. What do you think an auto dealership would love to hear that all of their customer data was stolen and released all of the personal data of all of their customers? [00:22:08] Obviously not. So there's a potential cost there. And then how long do you think it would take a normal company? That thinks they have backups to get back online. All I can tell you it'll take quite a while because the biggest problem is most backups don't work. We have yet to go into a business that was actually doing backups that would work to help restore them. [00:22:35] And if you're interested, I can send you, I've got something I wrote up. Be glad to email it back to you. Obviously as usual, no charge. And you'll be able to go into that and figure out what you should do. Cause I, I break it down into the different types of backups and why you might want to use them or why you might not want to use them, but ransomware. [00:22:58] Is a kind of a pernicious nasty little thing, particularly nowadays, because it's to two factor, first is they've encrypted your data. You can't get to it. And then the second side of that is okay I can't get to my data and now they're threatening to hold my data ransom or they'll release. So they'll put it out there. [00:23:22] And of course, if you're in a regulated industry, which actually car dealers are because they deal with financial transactions, leases, loans, that sort of thing you can lose your license for your business. You can, you lose your ability to go ahead and frankly make loans and work with financial companies and financial instruments. [00:23:45] It could be a very big. 
So there are a lot of potential things that can happen all the way from losing your reputation as a business or an individual losing all of the money in your operating account. And again, we've got a client that we picked up afterwards. That yes, indeed. That lost all of the money in their operating account. [00:24:09] And then how do you make payroll? How do you do things? There's a new study that came out from checkpoint. Checkpoint is one of the original firewall companies and they had a look at ransomware. What are the costs of ransomware? Now bottom line, I'm looking at some stats here on a couple of different sites. [00:24:29] One is by the way, Conti, which is a big ransomware gang that also got hacked after they said we are going to attack anyone. That doesn't defend Plaid's invasion of Ukraine, and then they got hacked and their information was released, but here's ransomware statistics. This is from cloud words. First of all, the largest ransom demand is $50 million. [00:24:55] And that was in 2021 to Acer big computer company. 37% of businesses were hit by ransomware. In 2021. This is amazing. They're expecting by 2031. So in about a decade, ransomware is going to be costing about $265 billion a year. Now on average. Ransomware costs businesses. 1.8, $5 million to recover from an attack. [00:25:25] Now that's obviously not a one or two person place, but think of the car dealer again, how much money are they going to make over the year or over the life of the business? If you're a car dealer, you have a license to print money, right? You're selling car model or cars from manufacturers. And now you have the right to do that and they can remove that. [00:25:48] How many tens, hundreds of millions of dollars might that end up costing you? Yeah. Big deal. Total cost of ransomware last year, $20 billion. Now these are the interesting statistics here right now. So pay closer attention to this 32% of ransomware victims paid a ransom. 
So about a third Peter ransom demand. [00:26:12] Lastly. It's actually down because my recollection is it used to be about 50% would pay a ransom. Now on average that one third of victims that paid a ransom only recovered 65% of their data. Now that differs from a number I've been using from the FBI. That's a little bit older that was saying it ends it a little better than 50%, but 65% of pain victims recovered their. [00:26:41] Now isn't that absolutely amazing. Now 57% of companies were able to recover their data, using a cloud backup. Now think about the different types of backup cloud backup is something that can work pretty well if you're a home user, but how long did it take for your system to get back? Probably took weeks, right? [00:27:05] For a regular computer over a regular internet line. Now restoring from backups is going to be faster because your downlink is usually faster than your uplink. That's not true for businesses that have real internet service like ours. It's the same bandwidth up as it is down. But it can take again, days or weeks to try and recover your machine. [00:27:28] So it's very expensive. And I wish I had more time to go into this, but looking at the costs here and the fact that insurance companies are no longer paying out for a lot of these ransomware attacks, it could be credibly expensive for you incredibly. The number one business types by industry for ransomware attacks, retail. [00:27:59] That makes sense. Doesn't it. Real estate. Electrical contractors, law firms and wholesale building materials. Isn't that interesting? And that's probably because none of these people are really aware or conscious of doing what a, of keeping their data secure of having a good it team, a good it department. [00:28:24] So there's your bottom line. Those are the guys that are getting hit. The most, the numbers are increasing dramatically and your costs are not just in the money. You might pay as a ransom. 
And as it turns out in pretty much every case prevention. Is less expensive and much better than the cure of trying to pay ransom or trying to restore from backups. [00:28:52] Hey, you're listening to Craig Peterson. You can get my weekly show notes by just going to craig peterson.com. [00:29:00] You and I have talked about passwords before the way to generate them and how important they are. We'll go over that again a little bit in just a second, but there's a new standard out there that will eliminate the need for passwords. [00:29:16] Passwords are a necessary evil, at least they have been forever. I remember, I think the only system I've ever really used that did not require passwords was the IBM 360. [00:29:31] Yeah, 360, you punch up the cards, all of the JCL you feed the card deck in and off it goes. And does this little thing that was a different day, a different era. When I started in college in university, we. We had a remote systems, timeshare systems that we could log into. And there weren't much in the line of password requirements. [00:29:58] And, but you had a username, you had a simple password. And I remember one of our instructors, his name was Robert, Andrew Lang, and his password was always some sort of a combination of RA Lang. So it was always easy to guess what his password was. Today. It has gotten a lot worse today. We have devices with us all the time. [00:30:22] You might be wearing a smart watch. That requires a password. You course probably have a smartphone that also maybe requiring a password. Certainly after it boots nowadays they use fingerprints or facial recognition, which is handy, but it has its own drawbacks. But how about the websites? You're going to the systems you're using in you're at work and logging in. [00:30:49] They all require password. And usernames of some sort or another well, apple, Google, and Microsoft have all committed to expanding their support for a standard. That's actually been out there for a few years. 
It's called the Fido standard. And the idea behind this is that you don't have to have a password in order to. [00:31:15] Now that's really an interesting thing, right? Just looking at it because we're so used to have in this password only authenticate. And of course the thing to do there is to make sure you have for your password, multiple words in the password, it should really be a pass phrase. And between the words put in special characters or numbers, maybe. [00:31:41] Upper lower case a little bit. In those words, those are the best passwords, 20 characters, 30 characters long. And then if you have to have a pin, I typically use a 12 digit pin. And how do I remember all of these? Cause I use a completely different password for every website and right now, Let me pull it up. [00:32:03] I'm using one password dot coms, password manager. And my main password for that is about 25 characters long. And I have thirty one hundred and thirty five. And trees here in my password manager, 3,100, that is a whole lot of passwords, right? As well as software licenses and a few other things in there. [00:32:30] That's how we remember them is using a password manager. One password.com is my favorite. Now, obviously I don't make any money by referring you there. I really do like that. Some others that I've liked in the past include last pass, but they really meant. With some of their cybersecurity last year and I lost my faith in it. [00:32:51] So now what they're trying to do is make these websites that we go to as well as some apps to have a consistent, secure, and passwordless. And they're going to make it available to consumers across all kinds of devices and platforms. That's why you've got apple, Google, and Microsoft all committing to it. [00:33:15] And you can bet everybody else is going to follow along because there's hundreds of other companies that have decided they're going to work with the Fido Alliance and they're going to create this passwordless future. 
Which I like this idea. So how does this work? Basically you need to have a smartphone. [00:33:33] This is, I'm just going to go with the most standard way that this is going to work here in the future, and you can then have. Passkey, this is like a multi-factor authentication or two factor authentication. So for instance, right now, when I sign into a website online, I'm giving a username, given a password, and then it comes up and it asks me for a code. [00:33:57] So I enter in a six digit code and that code changes every 30 seconds. And again, I use my password manager from one password. In order to generate that code. So that's how I log into Microsoft site and Google sites and all kinds of sites out there. So it's a similar thing here now for the sites for my company, because we do cyber security for businesses, including regulated businesses. [00:34:24] We have biometrics tied in as. So to log into our systems, I have to have a username. I have to have a password. I then am sent to a single sign-on page where I have to have a message sent to my smart device. That then has a special app that uses biometrics either a face ID or a fingerprint to verify who I am. [00:34:49] Yeah, there's a lot there, but I have to protect my customers. Something that very few it's crazy. Actual managed security services providers do, but it's important, right? By the way, if you want my password. Special report, just go to Craig peterson.com. Sign up for my email list. I'll send that to you. [00:35:13] That's what we're sending out right now for anyone who signs up new@craigpeterson.com. And if you'd like a copy of it in you're already on the list, just go ahead and email me. At Craig peterson.com and ask for the password special report where I go through a lot of this sort of thing. So what will happen with this is you go to a website and I might come up with a QR code. [00:35:37] So you then scan that QR code with your phone and verify it, authorize it on your phone. 
You might again have it set up so that your phone requires a facial recognition or perhaps it'll require a fingerprint. And now you are. Which is very cool. They fixed some security problems in FIDO over the last few years, which is great over the coming year. [00:36:02] You're going to see this available on Apple devices, Google, Microsoft platforms, and it really is simple, stronger authentication. That's sort of what FIDO calls it. But it is going to make your life a lot easier. It is a standard and the passwordless future makes a whole lot of sense for all of us. Now, I want to talk about another thing here that just bothered me for a long time. [00:36:30] I have a sister. Who is in the medical field and gives prescriptions, doctor thing. And I think she's not quite a doctor. I can't remember what she has. She's an LPN or something. And anyhow, so she. We'll get on a Zoom call with someone and they'll go through medical history and what's happening right now and she'll make prescriptions. [00:36:57] And so I warned her about that saying, it is very bad to be using Zoom because Zoom is not secure. Never has been, probably never will be, right? If you want secure. To go and pay for it from one of these providers like WebEx, that's what we use. We have a version of WebEx that is set up to be secure. [00:37:20] So I talked to her about that and said, Hey, listen, you can't do this. You've really got to go another way here. And so she started using one of these mental or. Medical health apps. What I want to talk about right now specifically are some checks that were just performed, some audits on mental health apps. [00:37:45] That's why I messed up a second ago, but what they looked at is that things are a serious problem there. And in fact, Threatpost, just calling it a. Frankly, just plain old creepy. So they've got some good intentions. They want to help with mental health. You've probably seen these or at least heard them advertised. 
[00:38:06] So you can get on the horn with a mental health professional, a doctor or otherwise in order to help you here with your psychological or spiritual wellness. And people are sharing their personal and sensitive data with third parties and have 32 mental health and prayer mobile apps that were investigated by the open source organization. [00:38:32] 28, 28 of the 32 were found to be inherently insecure and were given a Privacy Not Included label, including others here. So this is a report. That was released here by the open source organization, tied into Mozilla. Those are the Firefox people. They have what they call their minimum security standards. [00:38:56] So things like requiring strong passwords, managing security updates and vulnerabilities, et cetera. 25 of the 32 failed to meet even those minimum security standards. So these apps are dealing with some of the most sensitive mental health and wellness issues people can possibly have, right? Depression, anxieties, suicidal thoughts, domestic violence, eating disorders. [00:39:23] And they are being just terrible with your security. Mozilla researchers spent 255 hours or about eight hours per product peering under the hood of the security, watching the data that was going back and forth, right between all of these mental health and prayer apps. It was just crazy. So for example, eight of the apps reviewed allowed weak passwords that range. [00:39:52] One digit one as the password to 1, 1, 1, 1, while a mental health app called Moodfit only required one letter or digit as a password. Now that is very concerning for an app that collects mood and symptom data. So be very careful. Two of the apps, BetterHelp, a popular app that connects users with therapists, and Better Stop Suicide, which is a course of suicide prevention app, have vague and messy, according to Mozilla, privacy policies that have little or no effect on actual. [00:40:30] User data protection. So be very careful. 
And if you're a mental health, professional or medical professional, don't just go and use these open video calls, et cetera, et cetera, find something good. And there are some standards out there. Again. Visit me online, get my insider show notes every week. Get my little mini trends. [00:40:56] And they come up most weeks. Just go to Craig peterson.com. And I'll send you my special report on passwords and more. [00:41:06] We know the Russians have been attacking us. I've talked a lot about it on the radio station, all kinds of stations. In fact, here over the last couple of weeks, and I am doing something special, we are going through the things you can do to keep safe. [00:41:23] Last week we started doing something I promise we would continue. [00:41:27] And that is how can you protect yourself when it comes to the Russians, right? When it comes to the bad guys, because the Russians are definitely the bad guys. There's a few things you can do. And there's a few things, frankly, you shouldn't be doing. And that's exactly what we're going to talk about right now. [00:41:45] So last week he went over some steps, some things that you can look at that you should look at that are going to help protect you. And we are going to go into this a whole lot more today. And so I want you to stick around and if you miss anything, you can go online. You can go to Craig peterson.com, make sure you sign up there for my email. [00:42:08] And what I'm going to do for you is. Send you a few different documents now where we can chat back and forth about it, but I can send you this. Now I'm recording this on video as well as on audio. So you can follow along if you're watching either on YouTube or. Over on rumble and you can find it also on my website. [00:42:32] I've been trying to post it up there too, but right now let's talk about what we call passive backend protections. So you've got the front end and the front end of course, is. 
Stuff coming at you, maybe to the firewall I've mentioned last week about customers of mine. I was just looking at a few customers this week, just so I could have an idea of their firewalls. [00:42:59] And they were getting about 10 attacks per minute. Yeah. And these were customers who have requirements from the department of defense because they are defense sub subcontractors. So again, Potential bad guys. So I looked up their IP addresses and where the attacks were coming from. Now, remember that doesn't mean where they originated because the bad guys can hop through multiple machines and then get onto your machine. [00:43:28] What it means is that all, ultimately they ended up. Coming from one machine, right? So there's an IP address of that machine. That's attacking my clients or are attacking my machines. That just happens all the time. A lot of scans, but some definite attacks where they're trying to log in using SSH. [00:43:48] And what I found is these were coming from Slovakia, Russia, and Iran. Kind of what you were expecting, right? The Iranians, they just haven't given up yet. They keep trying to attack, particularly our military in our industry. One of the things we found out this week from, again, this was an FBI notice is that the Russians have been going after our industrial base. [00:44:15] And that includes, in fact, it's more specifically our automobile manufacturers we've already got problems, right? Try buying a new car, try buying parts. I was with my friend, just this. I helped them because he had his car right. Need to get picked up. So I took him over to pick up his car and we chatted a little bit with this small independent automotive repair shop. [00:44:40] And they were telling us that they're getting sometimes six, eight week delays on getting parts and some parts. They just can't. So they're going to everything from junkyards on out, and the worst parts are the parts, the official parts from the car manufacturers. 
So what's been happening is Russia apparently has been hacking into these various automobile manufacturers and automobile parts manufacturers. [00:45:10] And once they're inside, they've been putting in a remote control botnet. And those botnets now have the ability to wake up when they want them to wake up. And then once they've woken up, what do they do? Who knows? They've been busy erasing machines, causing nothing but havoc. They've been doing all kinds of stuff in the past. Today, they're sitting there. [00:45:31] Which makes you think they're waiting, it's accumulate as much as you possibly can. And then once you've got it all accumulated go ahead and attack. So they could control thousands of machines, but they're not just in the U.S. It's automobile manufacturers in Japan. That we found out about. [00:45:50] So that's what they're doing right now. So you've got the kind of that front end and back end protections. So we're going to talk a little bit about the back end. What does that mean? When a cybersecurity guy talks about the backend and the protections. I got it up on my screen right now, but here's the things you can do. [00:46:10] Okay. Remember, small businesses are just getting nailed from these guys, because again, they're fairly easy targets. One, change your passwords, right? How many times do we have to say that? And yet about 70% of businesses out there are not using a good password methodology. If you want more information on passwords, two factor authentication, you name it. [00:46:37] Just email me, me@craigpeterson.com. I want to get the information out now. You got to make sure that all of the passwords on your systems are encrypted, are stored in some sort of a good password vault, as you really should be looking at 256-bit encryption or better. I have a vendor of. That I use. So if you get my emails every week, when them, there's the little training. [00:47:06] And so I'll give you a five minute training. 
It's written, usually it's in bullet point form. I'm just trying to help you understand things. That provider of mine has a big database and there's another provider that I use that is for. So the training guys use the database of my provider. [00:47:27] In using that database, they're storing the passwords and the training provider's putting passwords in the clear into the database, which is absolutely crazy. So again, if you're a business, if you're storing any sort of personal information, particularly passwords, make sure that you're using good encryption and you're, what's called, salting the hash, which means. [00:47:53] You're not really storing the password, just storing a salted hash. I can send you more on this. If you are a business and you're developing software that's, this is long tail stuff here. Configure all of the security password settings so that if someone's trying to log in and is failing that, and you block it, many of us that let's say you're a small business. [00:48:15] I see this all of the time. Okay. You're not to blame. You, but you have a firewall that came from the cable company. Maybe you bought it at a big box retailer. Maybe you bought it online over at Amazon, as hurricane really great for you. Has it got settings on there that lets you say. There's 20 attempts to log in. [00:48:38] Maybe we should stop them. Now, what we do personally for our customers is typically we'll block them at somewhere around three or four failed attempts and then their password's blocked. Now you can configure that sort of thing. If you're using. Email. And that's an important thing to do. Let me tell you, because we've had some huge breaches due to email, like Microsoft email and passwords and people logging in and stealing stuff. [00:49:06] It was just a total nightmare for the entire industry last year, but limit the number of login retries as well as you're in there. 
These excessive login attempts or whatever you want to define it as needs to lock the account. And what that means is even if they have the right password, they can't get in and you have to use an administrative password in order to get in. [00:49:31] You also want to, what's called throttle, the rate of repeated logins. Now you might've gotten caught on this, right? You went to your bank, you went to eBay, you went to any of these places and all of a sudden. It denied you, right? It blocked you. That can happen when your account is on these hackers' lists. [00:49:51] You remember last week we talked about password spraying. Well, that's a very big deal and hackers are doing the spraying trick all of the time, and that is causing you to get locked out of your own account. So if you do get locked out, remember it might be because someone's trying to break. Obviously you have to enforce the policies. [00:50:16] CAPTCHA is a very good thing. Again, this is more for software developers. We always recommend that you use multifactor or two factor authentication. Okay. Do not use your SMS, your text messages for that, where they'll send you a text message to verify who you are. If you can avoid that, you're much better off. [00:50:36] Cause there's some easy ways to get around that for hackers that are determined. Okay. A multi-factor again, installed an intrusion. system. We put right at the network edge and between workstations and servers, even inside the network, we put detection systems that look for intrusion attempts and block intrusion attempts. [00:51:02] Very important: use deny lists to block known attackers. We build them automatically. We use some of the higher end Cisco gates. Cisco is a big network provider. They have some of the best hardware and software out there, and you have to subscribe. A lot of people complain. I ain't going to just go buy a firewall for 200 bucks on Amazon. 
[00:51:24] Why would I pay that much a month just to have a Cisco firewall? And it's like paying for the brand. I've got by logo chert on here. Oh, I wouldn't pay for that. No, it's because they are automatically providing block lists that are updated by the minute sometimes. And then make sure you've got an incident response plan in place. [00:51:50] What are you going to do when they come for you? What are you going to do? [00:51:55] Now we're going to talk about prevention. What can you do in order to stop some of these attacks that are coming from Russia and from other countries, it is huge. People. Believe me, this is a very big problem. And I'm here to help. [00:52:12] We've reviewed a number of things that are important when it comes to your cyber security and your protection. [00:52:20] We talked about the front end. We talked about the backend. Now we're going to talk about pure prevention and if you're watching. Online. You'll be able to see my slides as they come up, as we talk about some of this stuff and you'll find me on YouTube and you'll also find me on Rumble, a fairly new platform out there, a platform that doesn't censor you for the things you say. [00:52:44] Okay. So here we go. First of all, enabling your Active Directory password protection is going to. Force password protection all the way through your business. Now I've had some discussions with people over the months, over the years about this whole thing and what should be done, what can be done, what cannot be done. [00:53:09] Hey, it's a very big deal when it comes to password protection, and Active Directory, believe it or not, even though it's a Microsoft product, is pretty darn good at a few things. One of them is. Controlling all the machines and the devices. One of the things we do is we use an MDM or what used to be a mobile device manager called MaaS360. [00:53:34] It's available from IBM. 
We have a special version of that allows us as a managed security services provider to be able to control everything on people's machines. Active Directory is something you should seriously consider. If you are a Mac based shop. Like I am. In fact, I'm sitting right now in front of two Macs that I'm using right now, you'll find that Active Directory is a little bit iffy. [00:54:04] Sometimes for Macs, there are some workarounds and it's gotten better. MaaS360 is absolutely the way to go, but make sure you've got really good. Passwords and the types of passwords that are most prone to spraying attacks are the ones you should be banning specifically. Remember the website? Have I Been Pwned? [00:54:28] Yeah. It's something that you should go to pretty frequently. And again, if you miss anything today, just email me, me@craigpeterson.com. Believe me, I am not going to harass you at all. Okay. Now, the next thing that you should be doing is what's called red team blue team. Now the red team is a group of people, usually outside of your organization. [00:54:54] If you're a big company they're probably inside, but the red team is the team that attacks you. They're white hat hackers, who are attacking you, looking for vulnerabilities, looking for things that you should or shouldn't be doing. And then the blue team is the side that's trying to defend. So think of, like WarGames. [00:55:12] Remember that movie with Matthew Broderick all of those decades ago and how the, he was trying to defend that computer was trying to defend that it moved into an attack mode, right? Red team's attack, blue team is defend. So you want. To conduct simulated attacks. Now, conducting these attacks include saying, oh my let's now put in place and execute our plan here for what are we going to do once we have a. [00:55:44] And you darn well better have a breach plan in place. So that's one of the things that we help as a fractional chief information security officer for companies, right? 
You've got to get that in place and you have to conduct these simulated attacks and you have to do penetration testing, including password spraying attacks. [00:56:04] There's so many things you can do. The one of the things that we like to do and that you might want to do, whether you're a home user, retiree or a business is go and look online, you can just use Google. I use far more advanced tools, but you can use Google and look for your email address right there. [00:56:23] Look for the names of people inside your organization. And then say wait a minute, does that data actually need to be there? Or am I really exposing the company, exposing people's information that shouldn't be out there because you remember the hackers. One of the things they do is they phish you, phish as in P-H. [00:56:47] So they'll send you an email that looks like. Hey let me see. I know that Mary is the CFO, and I know that Joe's going to be out of town for two weeks in The Bahamas, out of touch. So while he's gone. I'm going to send an email to Mary, to get her to do something, to transfer the company's funds to me. [00:57:06] Okay. So that's what that's all about. You've got to make sure, where is our information? And if you go to my company's page, mainstream.net, you'll see on there that I don't list any of the officers or any of the people that are in the company, because that again is a security problem. [00:57:24] We're letting them know. I go to some of these sites, like professional sites, lawyers, doctors, accountants, and I find right there all of their people right there, top people or sometimes all of them. And then we'll say, yeah, I went to McGill University, went to Harvard, whatever my B. It's all there. So now they've got great information to phish you, to phish that company, because all they have to do is send an email to say, Hey, you remember me? [00:57:56] We're in Harvard when this class together. And did you have as a professor to see how that works? Okay. 
You also want to make sure that you implement what's called a passwordless user agent, and this is just so solely effective. If they cannot get into your account, what's going to, what could possibly go wrong, but one of the ways to not allow them into the account is to use. [00:58:24] Biometrics. We use something called Duo and we have that tied into the single sign-on and the Duo single sign-on works great because what it does now is I put in, I go to a site, I put in my username and. Pulls up a special splash page that is running on one of our servers. That again asks me for my Duo username. [00:58:48] So I've got my username for the site, then my Duo username and my Duo password, single sign-on. And then it sends me. To an app on my smart device, a request saying, Hey, are you trying to log into Microsoft? And whatever it might be at Microsoft, and you can say yes or no, and it uses biometric. [00:59:11] So those biometrics now are great because it says, oh, okay, I need a face ID or I need a thumb print, whatever it might be that allows a generalized, passwordless access. Okay. Passwordless. Meaning no pass. So those are some of the top things you can do when it comes to prevention. And if you use those, they're never going to be able to get at your data because it's something you have along with something, it works great. [00:59:45] And we like to do this. Some customers don't like to go through those hoops of the single sign-on and using Duo and making that all work, right? Where we're fine with it. We've got to keep ourselves at least as secure as the DOD regulations require, unlike almost anybody else in industry, I'm not going to brag about it. [01:00:09] But some of our clients don't like to meet the tightest of controls. And so sometimes they don't. I hate to say that, but they just don't and it's a fine line between. Getting your work done and being secure, but I think there's some compromises that can be readily made. 
We're going to talk next about saving your data from ransomware and the newest ransomware. [01:00:36] We're going to talk about the third generation. That's out there right now. Ransomware, it's getting crazy. Let me tell ya and what it's doing to us and what you can do. What is a good backup that has changed over the last 12 months? It's changed a lot. I used to preach 3, 2, 1. There's a new sheriff in town. [01:00:58] Stick around Craig peterson.com. [01:01:02] 3, 2, 1 that used to be the standard, the gold standard for backing up. It is no longer the case with now the third generation of ransomware. You should be doing something even better. And we'll talk about it now. [01:01:19] We're doing this as a simulcast here. It's on YouTube. It is also on rumble. [01:01:27] It's on my website@craigpeterson.com because we're going through the things that you can do, particularly if you're a business. To stop the Russian invasion because as we've been warned again and again, the Russians are after us and our data. So if you missed part of what we're talking about today, or. [01:01:50] Last week show, make sure you send me an email. me@craigpeterson.com. This is the information you need. If you are responsible in any way for computers, that means in your home, right? Certainly in businesses, because what I'm trying to do is help and save those small businesses that just can't afford to have full-time. [01:02:15] True cyber security personnel on site. So that's what the whole fractional chief information security officer thing is about. Because you just, you can't possibly afford it. And believe me, that guy that comes in to fix your computers is no cyber security expert. These people that are attacking our full time cybersecurity experts in the coming from every country in the world, including the coming from the us. [01:02:44] We just had more arrests last week. So let's talk about ransomware correctly. Ransomware, very big problem. Been around a long time. 
The first version of ransomware was software got onto your computer through some mechanism, and then you had that red screen. We've all seen that red screen and it says, Hey, pay up buddy. [01:03:07] It says here you need to send so many Bitcoin or a fraction of a Bitcoin or so many dollars worth of Bitcoin. To this Bitcoin wallet. And if you need any help, you can send email here or do a live chat. They're very sophisticated. We should talk about it some more. At some point that was one generation. [01:03:29] One generation two was not everybody was paying the ransoms. So what did they do at that point? They said let me see if they, we can ransom the data by encrypting it and having them pay us to get it back. 50% of the time issue got all your data back. Okay. Not very often. Not often enough that's for sure. [01:03:49] Or what we could do is let's steal some of their intellectual property. Let's steal some of their data, their social security number, their bank, account numbers, et cetera. They're in a, in an Excel spreadsheet on their company. And then we'll, if they don't pay that first ransom, we'll tell them if they don't pay up, we'll release their information. [01:04:10] Sometimes you'll pay that first ransom and then they will hold you ransom a second time, pretending to be a different group of cyber terrorists. Okay. Number three, round three is what we're seeing right now. And this is what's coming from Russia, nears, everything we can tell. And that is. They are erasing our machines. [01:04:31] Totally erasing them are pretty sophisticated ways of erasing it as well, so that it sinks in really, it's impossible to recover. It's sophisticated in that it, it doesn't delete some key registry entries until right at the very end and then reboots and computer. And of course, there's. Computer left to reboot, right? [01:04:55] It's lost everything off of that hard drive or SSD, whatever your boot devices. 
So let's talk about the best ways here to do some of this backup and saving your data from ransomware. Now you need to use offsite disconnected. Backups, no question about it. So let's talk about what's been happening. [01:05:17] Hospitals, businesses, police departments, schools, they've all been hit, right? And these ransomware attacks are usually started by a person. I'll link in an email. Now this is a poison link. Most of the time, it used to be a little bit more where it was a word document, an Excel document that had something nasty inside Microsoft, as I've said, many times has truly pulled up their socks. [01:05:45] Okay. So it doesn't happen as much as it used to. Plus with malware defender turned on in your windows operating system. You're going to be a little bit safer next step. A program tries to run. Okay. And it effectively denies access to all of that data. Because it's encrypted it. And then usually what it does so that your computer still works. [01:06:09] Is it encrypts all of you, like your word docs, your Excel docs, your databases, right? Oh, the stuff that matters. And once they've got all of that encrypted, you can't really access it. Yeah. The files there, but it looks like trash now. There's new disturbing trends. It has really developed over the last few months. [01:06:31] So in addition to encrypting your PC, it can now encrypt an entire network and all mounted drives, even drives that are marrying cloud services. Remember this, everybody, this is really a big deal because what will happen here is if you have let's say you've got an old driver G drive or some drive mounted off of your network. [01:06:57] You have access to it from your computer, right? Yeah. You click on that drive. And now you're in there and in the windows side Unix and max are a little different, but the same general idea you have access to you have right. Access to it. 
So what they'll do is any mounted drive, like those network drives is going to get encrypted, but the same thing is true. [01:07:20] If you are attaching a U S B drive to your company, So that USB drive, now that has your backup on it gets encrypted. So if your network is being used to back up, and if you have a thumb drive a USB drive, it's not really a thumb drive, right? There's external drive, but countered by USP hooked up. [01:07:45] And that's where your backup lives. Your. Because you have lost it. And there have been some pieces of software that have done that for awhile. Yeah. When they can encrypt your network drive, it is really going after all whole bunch of people, because everyone that's using that network drive is now effective, and it is absolutely. [01:08:10] Devastating. So the best way to do this is you. Obviously you do a bit of a local backup. We will usually put a server at the client's site that is used as a backup destiny. Okay. So that servers, the destination, all of the stuff gets backed up there. It's encrypted. It's not on the network per se. It's using a special encrypted protocol between each machine and the backup server. And then that backup servers data gets pushed off site. Some of our clients, we even go so far as to push it. To a tape drive, which is really important too, because now you have something physical that is by the way, encrypted that cannot be accessed by the attacker. [01:09:03] It's offsite. So we have our own data center. The, we run the, we manage the no one else has access to it is ours. And we push all of those backups offsite to our data center, which gives us another advantage. If a machine crashes badly, right? The hard disk fails heaven forbid they get ransomware. We've never had that happen to one of our clients. [01:09:29] Just we've had it happen prior to them becoming clients, is that we can now restore. 
That machine either virtually in the cloud, or we can restore it right onto a piece of hardware and have them up and running in four hours. It can really be that fast, but it's obviously more expensive than in some. [01:09:51] Are looking to pay. All right, stick around. We've got more to talk about when we come back and what are the Russians doing? How can you protect your small business? If you're a one, man, one woman operation, believe it. You've got to do this as well. Or you could lose everything. In fact, I think our small guys have even more to lose Craig peterson.com. [01:10:16] Backups are important. And we're going to talk about the different types of backups right now, what you should be doing, whether you're a one person, little business, or you are a, multi-national obviously a scale matters. [01:10:32] Protecting your data is one of the most important things you can possibly do. [01:10:36] I have clients who had their entire operating account emptied out, completely emptied. It's just amazing. I've had people pay. A lot of money to hackers to try and get data back. And I go back to this one lady over in Eastern Europe who built a company out of $45 million. By herself. And of course you probably heard about the shark tank people, right? [01:11:07] Barbara Cochran, how she almost lost $400,000 to a hacker. In fact, the money was on its way when she noticed what was going on and was able to stop it. So thank goodness she was able to stop it. But she was aware of these problems was looking for the potential and was able to catch it. How many of us are paying that much attention? [01:11:34] And now one of the things you can do that will usually kind of protect you from some of the worst outcomes. And when it comes to ransomware is to backup. And I know everybody says, yeah, I'm backing up. It's really rare. When we go in and we find a company has been backing up properly, it even happens to us sometimes. 
[01:11:59] We put the backup regimen in place and things seem to be going well, but then when you need the backup, oh my gosh, we just had this happen a couple of weeks ago. Actually this last week, this is what happened. We have. Something called an FMC, which is a controller from Cisco that actually controls firewalls in our customers' locations. [01:12:26] This is a big machine. It monitors stuff. It's tied into this ISE server, which is. Looking for nastiness and we're bad guys trying to break in, right? It's intrusion detection and prevention and tying it into this massive network of a billion data points a day that Cisco manages. Okay. It's absolutely huge. [01:12:48] And we're running it in a virtual machine network. So we. Two big blade chassis full of blades and blades are, each blade is a computer. So it has multiple CPUs and has a whole bunch of memory. It also has in there storage and we're using something that VMware calls vSAN. So it's a little virtual storage area network. [01:13:15] That's located inside this chassis and there are multiple copies of everything. So if a storage unit fails, you're still okay. Everything stays up, it keeps running. And we have it set up so that there's redundancy upon redundancy. One of the redundancies was to back it up to a file server that we have that's running ZFS, which is phenomenal. [01:13:40] Let me tell you, it is the best file system out there. I've never ever had a problem with it. It's just crazy. I can send you more information. If you're ever interested, just email me@craigpeterson.com. Anytime. Be glad to send you the open source information, whatever you need. But what had happened is. [01:13:57] Somehow the boot disk of that FMC, that, that firewall controller had been corrupted. So we thought, oh, okay, no problem. Let's look at our backups. Yeah, hadn't backed up since October, 2019. Yeah, and we didn't know it had been silently failing. 
Obviously we're putting stuff in place to stop that from ever happening again. [01:14:27] So we are monitoring the backups, the, that network. Of desks that was making up that storage area network that had the redundancy failed because the machine itself, somehow corrupted its file system, ext four file system right then are supposed to be corruptible, but the journal was messed up and it was man, what a headache. [01:14:51] And so they thought, okay, you're going to have to re-install. And we were sitting there saying, oh, you're kidding me. Reinstalling this FMC controller means we've got to configure our clients, firewalls that are being controlled from this FMC, all of their networks, all of their devices. We had to put it out. [01:15:07] This is going to take a couple of weeks. So because I've been doing this for so long. I was able to boot up an optics desk and Mount the file system and go in manually underneath the whole FMC, this whole firewall controller and make repairs to it. Got it repaired, and then got it back online. So thank goodness for that. [01:15:33] It happens to the best of us, but I have to say I have never had a new client where they had good backups. Ever. Okay. That, and now that should tell you something. So if you are a business, a small business, whatever it might be, check your backups, double check them. Now, when we're running backups, we do a couple of things. [01:15:57] We go ahead and make sure the backup is good. So remember I mentioned that we h

    Did You Hear How the FBI, NSA, and CIA Got Tracked Because of Their Smartphones? How About You?

    Play Episode Listen Later May 7, 2022 82:45

    Did You Hear How the FBI, NSA, and CIA Got Tracked Because of Their Smartphones? How About You? You're worried about surveillance. Hey, I'm worried about surveillance. And it turns out that there's a secretive company out there that to prove their mustard tracked the CIA and NSA. Yeah. Fun thing. [Following is an automated transcript.] [00:00:16] This is a company that is scary. We've talked before about a couple of these scary guys. [00:00:22] There's this Israeli company called NSO Group. And this NSO Group is absolutely incredible, what they've been doing, who they'll sell to. These guys are a company that sells cell phone, smartphone exploits to its customers. And they're alleged to have sold their software to a variety of human rights abusers. [00:00:53] We're talking about NSO Group coming up with what we would term a zero-day hack against iPhones, against Android phones, against pretty much anything out. So in other words, a hack that no one's ever seen before and then use that in order to get into the phone and find information. They used things like the, I think it was WhatsApp and video that was sent and usually. [00:01:22] To hack Saudi Arabian phones. You might remember Khashoggi, this journalist, I guess he was, who apparently was murdered by them. Big problem. So this Israeli group. Yeah. Yeah. They sell to anybody that's willing to pay. At least that's what the allegations are. I've never tried to buy their stuff, but yeah, they're assisting government with hacks, with [00:01:48] ultimate in surveillance. Another one, Clearview. We've talked about them on the show before. This is a company that has done all kinds of illegal stuff. Now some of it's technically not illegal. They're against the terms of usage, what Clearview has done. And now they've gotten involved in this Russian Ukrainian [00:02:12] war that's been going on here and they've gotten involved with a number of legal cases in the US. What they did is they said, okay great. 
Let's do something. You remember Facebook, right guys. So you've heard of that before. And how Facebook got started. Mike Zuckerberg. MK went ahead and stole the pictures of the women that were in Harvard's cattle. [00:02:41] And I will, when I'm, when I say catalog, okay, this isn't like a catalog of women, order one mail order type thing. We're talking about their index, their contacts, there is a catalog of all of the students that are there in the school. So Zuckerberg goes and grabs those against policy. [00:03:00] Okay. Maybe it wasn't strictly against policy at the time. And then he puts up some. Called the Facebook where people can look at a picture of a girl and decide whether or not she should get a five or a 10 or a one. Yeah. That sort of stuff, abusing people that really is abuse. I can't imagine. [00:03:19] The way people felt, I had seen their ratings by people that didn't know them, that somehow their Def definition of beauty really defined who they are. It's crazy what the stuff he did. So he started his business by stealing stuff. Microsoft started his business by. By going ahead and misrepresenting, some would say lying to IBM about what he had as far as an operative system goes right, again and again, we're seeing dishonest people getting involved, doing dishonest things to get their companies off of the ground. [00:03:54] And I have a friend who's an attorney who says, and Craig, that's why you will never be wealthy because you just wouldn't do any of that. So Clearview is another example of these types of companies. In this case, clear view, went to Facebook and crawled any page. It could get its little grubby crawlers on. [00:04:18] So it found your public fake Facebook page. It went. Over the internet. There's a number of websites. Some are out of business now, but the, you upload your pictures to you. People can rate them, can share them. You can share them. 
Hey, you got your own photo gallery here that you can share with friends and a million other people. [00:04:39] I'm right. That's what ended up happening. That's how those guys made the money. They're selling you on, Hey, you can look at how convenient this. And you can have your own little photo gathered at gallery and you can take that full load photo gallery and share it with your friends. And then if you read the fine print at T and we'll make money off of showing your pictures and showing ads well, Ah, Clearview went and scanned every website. [00:05:08] It could get its grubby little scanners on crawled through the mall, downloaded pictures of any face that it could find. And then went ahead and digitized information about people's faces. So it spent years scraping and then it put together its technology, facial recognition technology, and went to the next level, which is, Hey, please department, get my app so you can get the clear view. [00:05:41] And do you encounter someone? You can take a picture of them and upload it, which now gives them another face. Doesn't it. And then once it's uploaded, it'll compare it. It'll say, okay. Found the guy here. So with the Russia Ukrainian war, what they were doing is taking pictures of dead and injured, Russian soldiers, running them through this database online of all of these spaces, found out who they were and went so far as to use. [00:06:14] Stolen data online. Now this is war, right? The whole thing is crazy, but the stolen database online find out who their mothers were, the phone numbers for the mothers, and to have people all over the world, sending text messages to mom about their dads. Yeah. Okay. So Clearview sells it to police departments. [00:06:38] They sell it to pretty much the highest bidder they say, Hey, listen, we don't do that. Come on right now. There's other data brokers. And I've had a few on my show in the past who are using harvested information from phone apps to provide location data. 
To law enforcement so that they can then circumvent. [00:07:03] What you have a right to privacy. Don't you? It's codified right in the Bill of Rights. I was first 10 amendments to the U.S. Constitution and it was all defined by the Supreme Court's Carpenter decision. So we have protections in the Constitution, natural rights that were confirmed by the Supreme Court that say, Hey, the federal government, you cannot track all of the citizens. [00:07:31] You can't track what they're doing. You can't harvest their information. And yet at the same time, they go to the data brokers that have put together all of these face pictures, figured out who your friends are. You sign up for Facebook and it says, Hey, you want me to find your friends? [00:07:49] See if they're already on Facebook. Just hit yes. Here, upload your contact list. So I'll go. Facebook says, oh, look at all your friends. Or we found isn't this exciting. And in the meantime, in the background, Facebook is looking at all of this data and saying, we now know who your friends are. And so many people have wondered, wait a minute. [00:08:10] I didn't talk about. I didn't do a search for product X online, and yet I'm getting ads for product X. Well, did you mention it to a friend who might've done a search for it? Because these search engines, these companies like Facebook know who your friends are, what they're interested in, and they'll sell ads to people who are going to promote to you the same items they're promoting to your friends. [00:08:35] It's absolutely crazy. So this company. It's called and they're very quiet, very low key. The website doesn't say anything at all, but they took their software that's pulling all of this data together and compiling it. Yeah. And A6 pointed all of this technology towards the National Security Agency and the CIA and used their own cell phones against them. [00:09:08] Now, why did they do this? 
They didn't do it to prove something about how, you shouldn't allow this sort of thing to happen and they didn't do it to prove that man, we've got to have tighter controls because look at what we can do. If we can do it, other people can do it. No. According to audio, visual presentations and recordings of an A6 presentation reviewed by The Intercept and Tech Inquiry. [00:09:36] claimed that it can track roughly 3 billion devices in real time. That's equivalent to a fifth of the world population. You're not going to find anything out about A6. It's called Anomaly Six. Good luck online. If you find it, let me know, me@craigpeterson.com. I'd love to know more about these guys. The only thing on a website for them is an email address. And A6, Anomaly Six, in that presentation showed the nation's spooks [00:10:13] exactly what knew about. All right. Apparently is also ignoring questions from journalists and will only respond to emails from people in upper levels of federal agencies, which means, and maybe this is a supposition from our friends over at Techdirt. I don't know. But then what that means is they're looking to sell your information in real time [00:10:43] to the feds to get around the Carpenter decision and the Constitution. Just absolutely amazing. Hey, go online right now. CraigPeterson.com. I'll send you my special report on passwords and my two other most popular. CraigPeterson.com. Stick around. [00:11:06] Have you ever wondered about search engines? Which one should you be using? You're not alone. It's probably the number one question I get from people. What should I use? Google is falling behind, but we're going to talk about the top engines and the why. [00:11:23] Google has been an amazing company moving up. Of course, we're just talking about the cheats. [00:11:31] So many companies have taken over the years and Google has certainly had its share of cheat. 
I haven't seen anything about them just doing completely underhanded things to get started. I think. They were pretty straightforward. They had a great idea back in the beginning, where they were just looking at links, how many sites linked into this one particular site? [00:11:57] And that gave this concept of a page rank. Very simple, very easy to do. Of course, are problems with. Because you would end up with pages that are older, having more links to them, et cetera. And they have over the years really improved themselves, but we also have some other problems right now with Google. [00:12:22] If you do searches on Google for a number of different. And you'll see that really Google search quality has deteriorated in recent years. We've talked before here about some of the problems with Google and elections and how they have obviously gone out of their way to influence the election. [00:12:43] There is study down in, done in orange county, California, or at least about orange county, California, and an election down there showed that Google had a major influence on that election and also tilted it a certain way on purpose. Absolutely amazing. So that's one way Google has fallen behind, but you can. [00:13:06] At all kinds of searches and hope you're going to get a great response. And you don't have you noticed that it's gotten worse and then on top of it, you're starting to see more ads squeezed in it is not great. I have used. Of course for programming in years past, before that I liked alter Vista, which was a digital equipment corporation product out there. [00:13:32] Vista was pretty darn good. And you could use Boolean logic with it. Google says you can use Boolean with us, but it's not the same as Google's is very simple. But at any rate they have not made any. Leaps here going forward. It's been absolutely amazing. So let's go through the search engines. 
[00:13:53] I'm going to give you right now, the pros and cons to some of these search engines out there. So we started with. It is 800 pound gorilla. And in case you didn't know the number two overall search engine is YouTube. Okay. But let's stick with straight searches, not video searches. So what is great about Google? [00:14:19] One of the big things is they like fresh content. So if you're looking to do search engine optimization for your business, you are best off having some Keystone pages. So having these pages that are. Kept up to date. So you might have a page on whatever it might be hacking VPNs, right? And you make sure you update it because Google does favor the fresh content. [00:14:45] They rank blogs and. Services, which is really nice and they're accessible in any device. They have apps that work well on a browser. And I'm right now, I'm looking@anarticlebylifewire.com on the best search engine. So you'll see some of this information there. They don't like about it is the same thing you don't. [00:15:09] Right? Which is, it collects all kinds of data on you. They also have hidden content that, that might damage your ranking as a business or someone who has a website and the search delivers. Too many results, millions of results. Yeah, there probably are millions of results for a single search, but what I want are the really relevant ones and Google learns over time. [00:15:38] What kind of results that you want, which is kudos to them, but they are tone deaf sometimes, frankly as well. Okay. Our number two on our list of topics. Is duck go. Now I've been talking about them for quite a while and some people have been disparaging talk, talk, go lately. And the reason is they say, what. [00:16:03] And those search results maybe are a little wrong, right? They are maybe student little sensory, not as much as Google does, but some, at first duck go.com is where you'll find them online named after that kids game. Is a privacy search engine. 
So it is not tracking or storing any information about you. [00:16:29] That's a very big one. There are searches are very fast, but they're backed. The actual backend search engine is. Which is Microsoft. We're going to get to that in a couple of minutes here. That means that if Microsoft is deciding to do some weighting on search results, based on their political views, then that's going to show up in duck go, but it's nowhere near as bad. [00:16:54] And I've talked about it on the show before we'd done some examples. So it is also now giving you the option to restrict your searches to the last month worth of results, which is really nice. That keeps a little more up to date. They also aren't great at image searches, no personalized results, and it is free, which is nice. [00:17:17] You might also want to look at quant Q w a N T. If you look at. A private or privacy browser. Quanta's a French company, but it does leave English as well. Okay. English results. They like the older and well-established web pages, they rank home pages. They do not rank blogs. They crawl all kinds of hidden content and non hidden, equally, unlike Google, which is really great being as not great at forums. [00:17:50] As I mentioned, blogs, they're not as fast as Google. And they have some seriously heavy search results screened. Dogpile they've been around for quite a while. You might want to check them out. They have something called fetches and favorite fetches. So you can have a home screen when you go to dog pile and you'll see right there. [00:18:14] Your favorite searches and they're right there for you. You can just keep going to them. They use multiple databases so they can get broad results, multiple backend search engines, and there's no home screen personalization available. And lots of sponsored results, which isn't a real big deal, but you'll find them online@dogpile.com, Google scholar search. [00:18:38] I've used this a number of times. 
If you're looking for scholarly articles, it is really good. You can get citations in various styles. If you are working on your master's PhD, whatever. B and they're imposing a style in the document that you're writing. So you can put it into the bibliography and a, they got a lot of great stuff. [00:19:02] Google scholar you'll find online at scholar dot, google.com. Wearable PDs, sir. It focuses on technical terms and applications, which is good, friendly to non-tech users. And it is only searching the web well, PD is 10,000 word and phrase database. So that's pretty. To to understand to Yahoo search, they have a home screen, has news trending topics. [00:19:33] I've used y'all who? Of course it's not what it used to be, but it does have everything right there. Even your horoscope. And the ads are not marked out clearly. And then there's the internet archive search. This is actually a site that I fund. I donate money to them every month and you'll find them@archive.org, but it is really cool. [00:19:58] You can search based on timeframes again, if you are doing papers, if you're a journalist. You can find what was the internet like? Or was this webpage? What was it like around a hurricane Katrina in 2005, right there. We will find it online@archive.org. Hey, stick around. We'll be right back. [00:20:23] You already know that hackers are coming after you we've talked about how they are out there, scraping web pages, putting together stuff. I want to bring up again, the Ukraine, Russian war and Russia leaking data like a sieve . [00:20:39] It is, of course in the news again, it seems like it has been in the news for how long now, six years, maybe longer in this case, we're going to talk about what the hackers are doing because they're not just doing it to Russia. [00:20:56] They're doing. Us. And it's a problem. 
We're going to explain why you've heard of doxing before D O X I N G two docs, someone which is basically to find documentation about people and to release it. That's really a part of it. So you've seen some political operatives who have gone online and doxed people. [00:21:22] For instance one of them is libs of tick talk. You might've heard of that one, and this is where they take all of these crazy things that crazy people on tick talk, go ahead and publish and just put excerpts of them together. They don't cut it up to make them look crazy. No. They let them be crazy. [00:21:42] All by themselves and put it online. So some libs decided, Hey, we don't like this. And journalists who had been complaining about doxing before that shouldn't be done and it's unethical. It should be illegal. Yeah. What does she do? She goes and docks. The lady that was running libs of tick talk. [00:22:07] And I, it just blows my mind here. How can these people be so two faced, they really are just crazy to face. So she went ahead and did what she said should never be done. And I'm sure she had some form of justification for it and put it out online. So I went online, comes this lady's home. Address her name. [00:22:31] Kinds of stuff and that's available online right now. Now you might want to try and do something that I've done before, which is, if you go to one of these data brokers, ads for these things, right? Do a search for yourself with us. And have a look at how accurate that information is. When I looked last time I looked cause I had a few data brokers on the radio show. [00:22:58] I would say less than a third of the information that they claimed was information about me was actually accurate less than a third, frankly. And I don't think that's a particularly, what's the word I'm looking for, but Unique situation. Let me put it that way. I don't think it's unique at all. 
I think they get a lot of it wrong because remember, they're trying to piece together this, piece together that, and put it all together. [00:23:27] So you can't a hundred percent rely on any of that stuff. And as I said, for me, it wasn't particularly accurate. Now let's move into. Ukraine has claimed to have doxed Russian troops as well as FSB spies. Do you remember them from the Soviet Union? They still exist, and hacktivists actually have official scheduled meetings and are leaking private information from various Russian organizations in Russia. [00:23:59] So we're talking about things like their names, birth dates, passport numbers, job titles, and the personal information that they have released about these Russian companies and people goes on for pages here. It looks like, frankly, any data breach. You'll find a great article about this that I'm referring to in wired.com, but this particular data [00:24:25] contains personal information on 1600 Russian troops who served in Bucha, a Ukrainian city that's been attacked by Russia. And by the way, you've probably seen these things. There were all kinds of accusations here of multiple potential war crimes. What was going on over there? So this data set's not the only one. [00:24:50] There's another one that allegedly contains the names and contact details of 620 Russian spies who are registered to work at the Moscow office of the FSB. That is Russia's main security agency. Now this information wasn't released by hackers in North Korea or hackers in the US or Russia, because we already know Russian hackers [00:25:22] don't attack Russia. They're not stupid. Okay. They don't want Putin coming after them, but this was published by Ukraine's intelligence service. So all of these names, all of these personal details, birth dates, passport numbers, job titles, where they're from, all kinds of stuff. 
Freely available online to anyone who cares to look. Now, Ukrainian officials wrote in a Facebook post as they published the data that every European should know their names. [00:25:56] So you got to bet, there are a lot of people freaking out over there. Absolutely freaking out in Russia that is. Since the Russians invaded Ukraine, there have been huge amounts of information about Russia itself, the Russian government activities and companies in Russia. These, all the guards that are over there and it's all been made public. [00:26:21] So it's very interesting because these have been closed-off private institutions in the US. Yeah, we do some hacking of potential adversaries, but they don't release. All right. Not at all, but there's really two types of data here. First of all, you've got the information that the Russian authorities are publishing. [00:26:42] Their allies are publishing, and then you've got the hacktivists, these companies, these groups, I should say. Anonymous, hundreds of gigabytes of files and millions of emails have been made public, including some of the largest companies within Russia. The big guys, oil and gas companies or lumber companies, et cetera, et cetera. [00:27:08] So there's a former British Colonel in the military intelligence Wired is quoting here, his name's Phillip Ingram. And he said, both sides in this conflict are very good at information operations. The Russians are quite blatant about the lies that they'll tell. We're used to that, aren't we? And much of the Russian disinformation has been debunked, but they say. [00:27:36] They have to make sure that what they're putting out is credible and they're not caught telling outright lies in a way that would embarrass them or embarrass their international partners. So it's really quite interesting. We've started seeing the stuff coming out in March 2022. Of course. And it's hard to tell how accurate the data is. [00:28:00] Looks probably pretty accurate. 
It has been scooped up as I mentioned on the show before, but. Some activists, one of whom has put together an app that anyone can download. And that allows you to send texts to the mothers of Russian soldiers, some alive, some dead, and it automatically translated into Russian. [00:28:24] I assume it's a crude translation, but whatever. So you can. Harass some bore a babushka over there in Russia, whose grandson is out there fighting. This is just incredible. We've never seen anything like any of this before, but doxing very toxic online behavior. And when it comes to war, the gloves are off. [00:28:48] And by the way, these groups that I mentioned, these hacktivists have official meetings, Tuesday mornings on telegram, and they talk about who the next target is. Absolutely amazing. Make sure you visit me online. Craig Peter sawn.com and don't go anywhere because we've got more coming up here about organizations in general, here in the us breaches are up stolen data or. [00:29:17] And the number of bankruptcies are up because of it. [00:29:23] Hacks or up no, you know that we've known that for awhile, but did you know that is not necessarily the number one reason businesses are suffering breaches. So we're going to talk about that right now. What else you have. [00:29:39] We've talked before about some of the websites that I keep an eye on. [00:29:44] One of them is called dark reading and they've got a lot of good stuff. Some of the stuff I don't really agree with, who agrees with everybody or another person, just one, even a hundred percent of the time. Like no one. Okay. So in this case, we're talking to. Organization suffering a breach. [00:30:03] And the stat that they're quoting here is that more than 66, 0% of organizations have suffered a breach in the last 12 months. That's huge. And the breaches have gotten more expensive. Global average breach cost is $2.4 million. 
And if you are unprepared to respond to a compromise, that price tag increases to $3 million. [00:30:36] Yeah. That's how bad it is. That's what's going on out there right now. But the point that really they're trying to make here, a dark reading in this article by Robert Lim. Is that organizations are focused too narrowly on external attackers when it's insiders third parties and stolen assets that cause many breaches. [00:31:02] That's what this new study is showing from Forrester research. Now I had them on the show a few times in the past, you might be familiar with them. They are a research company. The charges a lot for very little information, they've got the research to back it up right there. They're really one of the leading, if not the leading research company out there. [00:31:26] So last month they came in. With the 20, 21 state of enterprise breaches report. And they found that the number of breaches in the cost of breaches varied widely, depending on where the organization is based. And. The big one that you have control over is whether they were prepared to respond to breaches. [00:31:53] Now, companies in north America had the largest disparity between the haves and have not listened to these numbers. They're bad for businesses, these numbers, and they're worse for individuals. The average organization required 38 days. 38 days over a month on average to find eradicate and recover from a breach, but companies that were not prepared for security challenges took 62 days. [00:32:28] Now the good news here is that this is down. It used to take nine months on average, and now we're down to two months, but here's the big question. Can you, or can a company survive 62 days or is it going to be out of business? Do you have enough money to make payroll for the next two months? That's where the problem. [00:32:55] Really starts to come in. 
That's why small businesses that are hacked small businesses that are using things like Norton or some of the other real basic software without having a good firewall and good security practices. And same thing with individuals here. You are going to be out of business. [00:33:17] That's of the showing right now. And your insurance policy that you have for cybersecurity insurance will not pay out. I did a presentation for an insurance industry group. This was in Massachusetts and it was a statewide group. And we'd talked about how the. Are not paying out the companies. [00:33:41] Aren't right. And why, and if you are not prepared, if you are not doing the right things and I can send you a list of what you need to be doing, if you'd like, just email me@craigpeterson.com. Be glad to send it to me. M E at Craig Peterson, P E T E R. So when Dr. And just to ask for it and I'll respond to you or we'll get married or someone else to forward it to you because I've already got it. [00:34:07] Okay. This isn't a big deal for me. Okay. It's ready to go. But that list is an important list because if you don't meet the standard. That the insurance industry has set forward and you are a hack. They're not going to pay you a dime, even if you Sue them. And we've seen this with very large companies as well, where they're trying to recover tens of millions of dollars from the insurance policy, and they didn't get a dime. [00:34:36] They had to also pay who knows how many millions to lawyers to Sue the insurance companies. And they lost. Okay. It's a very big deal. So there's a huge misalignment, according to Forrester, between the expectation and the reality of breaches on a global scale, there's a big disparity of above $600,000 between those. [00:34:59] Paired to respond to a breach and those who are not. And we can talk about that as well, because there's things you need to do obviously backup, but backup means you've got to check the backup. You've got to make sure it's valid. 
You should be spinning up the backups on, in a virtual environment in order to make sure the backups are good. [00:35:22] There's a lot of things you should be doing. Okay. And that's just a part of it. Plus, do you have your PR people ready? Are you able to respond to the state requirements? A lot of states. Now, if you are hacked require you to report it to the state, in some cases in as little as 72 hours. So do you have that paperwork ready? [00:35:46] Do you have the phone numbers of all of the people that are on the team? Okay. All of these things now, the threats are not just the external hack. Anybody who's trying to protect their data is focused on obviously the external hackers. That's where we tend to focus part one part two is we focus in on the people that are working inside. [00:36:13] The company, right? It's a zero trust narrative here. Why is this guy in sales, trying to get into the engineering files? Why are they trying to get into payroll? You understand where I'm going with this, you buy and what I'm selling. You don't want them to have access to stuff that they don't need access. [00:36:37] Attacks that Forrester found were spread over external attacks, internal incidents, third party, and supply chain attacks, which is really big nowadays and lost or stolen. Assets globally. Half of companies consider external attacks to be this top threat, but in reality, only a third of the incidents come from external actors. [00:37:04] Nearly a quarter of them are traced back to an internal event. 23% consisted of lost or stolen assets and 21% involved with third. Partner. Interesting. Hey, so we've got to keep an eye on this. These external attacks are a very big deal and that's where they have success with what are called zero day attacks. [00:37:31] But your internal people can be a problem. Now I have. Put together in 2022, this is something really important. What we call a POA and M it's a plan of action and milestones of what you need to be doing. 
For your cybersecurity. Okay. This is available absolutely free. You have to email me, me@craigpeterson.com. [00:38:00] But the idea behind this is it's a spreadsheet that you can use in Numbers on a Mac or Excel on Windows. And it has all of the key items. Now we follow what's called the 800-171 standard. This is the National Institute of Standards and Technology, and they've laid out all of the different things that you should be doing now. [00:38:26] We've broken them down into eight cybersecurity activators as what we called them. And we have, you should have already gotten an email this week from me, if you're on my email list, just talking about, cause we're starting now getting into those cybersecurity activators. I'm showing you. To do about each one of them. [00:38:46] So you can do it yourself. So many of us are stuck with being the CTO or the guy or gal in charge of IT just because we like computers or we know more than somebody else. So if you're on my email list, you will be getting these things off. We're going to be going through them in the weeks. I had little quick mini micro trainings, if you will, but you gotta be on the email list in order to get them. [00:39:12] These are also appropriate for home users right now. You're going to have to make your decisions as to what you're going to do, but home users have the same exposure, the same basic problems that they have in bigger organizations out. So I follow the National Institute of Standards and Technology. [00:39:34] They have broken it down into a number of different sections. They actually require it. And if you are compliant with this new standard you are going to be able to recover your money from the insurance company. If you are hacked, I don't know. I was going to say it for a win, but hopefully you won't get hacked because of this. [00:39:58] So it's an important thing to follow. So make sure you go to CraigPeterson.com/subscribe right now and get subscribed. 
A lot of stuff for home users. My business is focused on securing businesses, particularly regulated businesses, right? If you have intellectual property you don't want to have stolen, if you do government contracts where they're requiring you to be compliant with this new standard or some of the others, but it's [00:40:27] basic stuff that every business should be following. So just email me, me@craigpeterson.com, with your questions. We've been really good at answering them. We've probably lately been averaging about a dozen a day. Which is quite a few, but so it might take us a little bit to get back to, but we've gotten much better. [00:40:48] Mary, her number one responsibility right now is making sure that we answer all of your emails. We'll send out this plan of action and milestone spreadsheet for you. So you know what to do. This is updated. This is 2022. Everything you need right there. me@craigpeterson.com. Alright, you'll also find my podcast there. [00:41:14] CraigPeterson.com. And I want to point out that I'm not doing the show on video anymore. Just wasn't getting enough traction with, if it just takes too long. Anyways, CraigPeterson.com. [00:41:29] This is one of the top topics I've had people ask about lately, and that is protecting yourself and your business against Russian hacker. So I've got a presentation. We're going to run through it. We're going to talk about what you can do. [00:41:46] This has been a long time coming. I have been doing a lot over the years of webinars, of online meetings, trying to help people understand what's going on, what can be done. [00:41:58] And I got a great email this week from one of the listeners who's been, man, on my email list now for years, I'm not even sure how many years. And he was saying, Hey, thanks for giving all of this information for free for small businesses. I can't afford it.
And I got to thinking, because there've been a lot of requests lately, for instance, backups: how should I be doing them? [00:42:22] What should I be doing? And a number of other topics that really all go together into the, how do I protect myself, my business, from ransomware, from these Russian hackers. So that's what we're going to be talking about today. We're going to go through a few of these. This is going to be a series. [00:42:41] We're going to continue this here in the weeks ahead, and I appreciate all your feedback. And if you miss part of it, make sure you email me, just me@craigpeterson.com. Let me know, and I'll be glad to send some of it to you. Now I'm recording this on video as well. So it's great when you're driving around and listening in, picking up some tidbits. [00:43:04] And if you do want to see the recorded version again, dropping them in an email to me@craigpeterson.com or search for me on YouTube or on one of the other sites that are out there like Rumble and you'll. This as I release it. Cause this is going to take a few weeks to really get into the whole thing. [00:43:26] So let's get started. I'm going to pull this up here. Full screen. For those watching at home, and what this is called today, we're talking about protecting your business and yourself from Russian hackers because they have been out there. They have been causing just all kinds of problems, but there's a few things that you can do. [00:43:48] And I have them up on the screen here. Let me pull them up, but I want to get into the background first. Russian ransomware group. They're a bunch of bad guys and it's called Conti. Now, Conti has been around for a long time. These are the guys that have been ransoming us. They're the guys who ransom the businesses. They've ransomed [00:44:10] government, you might've heard them. They've got into hospitals. They have been all over the place and they've raised a whole lot of. For the Russians.
I'm also going to tell you about a couple of things you can do here. Cause there's a real neat trick when it comes to keeping Russians out of your computers, but Conti decided, Hey, listen, we are all for Russia and President Putin. [00:44:34] So they came out with an official warning. Oh, I want to read this to you. It says, "If anybody will decide to organize a cyber attack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy." Yeah, no, not the best English, but much better than my Russian. [00:44:55] I got to say that I know two words or so in Russian, but they said that they were announcing full support for president. That's a pretty bad thing, if you ask me. They also have ties to Russian intelligence, but what are we talking about really? Think of the KGB. [00:45:13] The FSB is what they're called nowadays, but directly tied. China and North Korea, Iran, are also now tied in with Russia to varying degrees, but all of them are a little bit concerned about getting into it a little too much, but we're going to talk about their tactics. That's what's important today. What are they doing? [00:45:35] Why are they doing it? What can you do about. So the first thing is password spraying. This is a big deal. I've got a nice big slide up here. I like that color blue. I don't know about you, but I think it's pretty, but password spraying is something we all need to understand a little bit better. It's a brute force attack that has been really hurting [00:46:00] many of us. Let me see if I can get this to work. For some reason it has decided it just doesn't want. Let me see here. What is up? Oh, is something isn't it's just, I'm getting a white screen, but it's a brute force attack targets users who have common passwords. Now this is a problem. When we're talking about passwords.
[00:46:25] If you have a password that has been breached in any of these breaches that have gone on over the last, however long, right? 30 years plus now, that password is known to the bad guy. So what they'll do is they'll take that common password and they'll start to try it. So password spraying is where they will go to a bank site or they'll go to Google. [00:46:51] Oftentimes they're trying to get at your email accounts. So if you have Google email or Yahoo or Hotmail, they'll try to use passwords that they have found against accounts that they have found on those various sites. That ends up being quite a big problem for everybody out there. Okay. I got that screen back here. [00:47:12] So I'll put that up for those people who are well. But they will send multiple times attacks using variations of these passwords. And it's known as a low and slow method of password hacking because if they were to go bam, and send all of these passwords and login attempts, [00:47:35] they'd get caught. The automated systems would say, Hey, wait a minute. This is not good. We're going to cut you off. In fact, that's what I do for my client. We have remote access using SSH, which is an encryption session so that we can have a terminal session. And if you try and log in three times, we automatically zap you, right? [00:47:58] We shut you down. So they take a very slow approach to this password spraying technique. And they're also going after volume, which makes a whole lot of sense. And there are right now billions of passwords, usernames, email addresses that have been stolen that are sitting out in the dark. So you've got to make sure that you are not reusing passwords. [00:48:24] How many times have we talked about that? You've got one common password that you're using over and again. Well, that's a problem, but they're not going to keep hacking your account. They're going to switch from one account to another because they don't want to get locked out.
[00:48:39] Just like I lock out somebody who's trying to get in. So if someone's coming from that same IP address, that same internet site, and they're trying to log into that same account multiple times, bam, they are gone. So with password spraying, they're trying to get around the problem of you noticing they're trying to get into a bunch of different accounts and they try and leverage it. [00:49:04] So they'll oftentimes use multiple computers that they've stolen access to. We've talked about that before too. It gets to be a real big. Now they're also targeting these single sign-on and cloud-based applications, because once they're on, using one of these federated authentication protocols, they can mask the malicious traffic. [00:49:30] We've heard some of these hacks lately where they're using a token that they managed to pick up from somebody's email account, or they got onto Microsoft and they got into the email account on Microsoft. That happened recently. In a supply chain attack, SolarWinds. You heard about that, 2021, right? [00:49:52] So they're going after these email applications, including Microsoft or Microsoft has done they're going after routers and internet of things devices for a very good reason. Those IoT devices, which are things like your smart lights, they can be controlling the cameras outside, they go on and on, there's thousands, millions of them [00:50:14] now, actually all the way through your microwave. They tend to not be very well protected. So that's a real big target for them. So step one, they want to acquire a list of usernames. Step two, they're going to spray the passwords. Where do they get those passwords and those usernames? Or they get them from breaches. [00:50:36] So again, if you have an account that's breached at some online shopping site, a big one, a small one, it doesn't really mean.
That particular breach is now well known and they can, will and do gain access to your account, which is step three, gain access to it. It gets to be a serious problem. [00:50:57] Okay. How do you know if you are under attack? Number one, there is a spike in failed log-ins. This is where having a system, and there's technical terms is tough for this. I'm trying to avoid a lot of those terms, but this is where the system is watching logins, noticing that there's a problem and going ahead and stopping it, not just noticing it, but stop. Very important to do. There are a high number of locked accounts, which means what? It means that again, someone's been trying to log in. You should make sure that your account, if there are invalid log-ins, automatically locks it out after some number of attempts, and five attempts is usually considered to be okay. [00:51:44] I know on my phone, for instance, I have a higher number of the neck, cause sometimes the grandkids get at it. But when it comes to your business account, when it comes to your bank account, you probably don't want to have a whole bunch of attempts. And then unknown or valid, or invalid, I should say, user [00:52:04] attempts. Again, why are they trying to log in with a username that just doesn't exist? Yeah, it can be a problem. Hey, when we come back, we're going to talk about some steps you can take here to really remediate, maybe even stop a password spraying attack. I've already given you a few ideas here, but what are some active things that you can do, particularly for a small business, to really protect yourself? [00:52:33] Hey, stick around. We'll be right back. CraigPeterson.com. [00:52:39] Russia has been hacking our computers, Russia's continuing to hack our computers and this is a real problem. So we are going to talk right now about how to stop some of these things. We already talked about password spraying. How do you stop it?
[00:52:56] There are a lot of things we have to pay attention to, and that's what I'm going to be doing in the weeks ahead. [00:53:03] We're going to be going through some of the things you need to do to keep yourself safe. Keep your business safe in this really dangerous online. There are so many things going on. So many people that are losing their retirement, businesses losing their operating accounts. We've seen it before with clients of ours, well, you know, they're clients now. [00:53:29] And it was just a devastating thing to them. So I don't want that to happen to you. Now, if you are interested, all of this is recorded and I am doing this as video as well. We've got slides and you can find out more about it. Just email me, me@craigpeterson.com. It's really that simple. And I didn't let me know. [00:53:54] And I'll be glad to send it off to you. Okay. This is available to anybody I'm trying to help. And we've had a lot of emails recently about some of these things. So this is covering everything from the password spraying we're talking about right now through backups and other things that you need to do. [00:54:14] Let's get going on our spraying problem. So what are the steps that we need to take in order to really remediate against one of these password spraying attacks? And frankly, it is. Oh, a lot to do. It has a lot to do with our users and what we do. If you're a business, if you are an individual, we need to be using longer passwords. [00:54:43] Now we're not talking about all of these random characters that we used to have. I remember having to have my password be at least four characters long way back when, didn't even have to have a username, it was just all based on the password. And things changed over the years. The latest standards that are out there right now come from NIST, which is the National Institute for Science and Technology.
[00:55:07] They are the guys that put together all of the guidelines that federal government and businesses need to follow. And they're telling us that a longer password means an elaborate passphrase. So you should use 15 character passwords. I had an article just a couple of weeks ago saying that an eight character password can be cracked almost instantly, certainly within an hour, any eight character password. [00:55:39] So if you're still using that, you've got to make a change. And obviously nine characters is a lot more possibilities, takes a lot longer to crack. I don't have those numbers right in front of me, but 15 is the ideal. So use passphrases instead of single words. So phrases like, I don't know, secretary of one, the Kentucky. [00:56:04] There you go. There's a phrase. So what you would do is put maybe dashes between each one of the words. Maybe you would go ahead and use a comma, put some numbers in there, put some special characters in, upper lowercase, right? So it's basically uncrackable at that point. And that's what you want. [00:56:24] Next one. When we're talking about rules for your passwords, the best passwords are the passwords that you can remember without writing them down and words that don't make sense to anyone else. I remember taking a memory course a few years back and they had random words and you had to remember them. [00:56:49] And the whole idea was, okay, visualize this happening. And as I recall, man, it's been a lot of years, I won't say decades, but it hasn't been. Since I did this, I still remember a part of it. It was, first word was airplane. Next was all envelope. The next one was paper clip. Next one was pencil. [00:57:08] So I visualized an airplane flying into an all envelope and that all envelope then goes into a paper clip and a pencil writes on the outside. Like it's addressing it to someone.
That is a good little password, actually: airplane, all envelope, paperclip, pencil, with a mixed case and maybe a number or two or special symbol thrown in. [00:57:35] Those are the types of rules that we're talking about. The types of rules that really. Next up here. Oops. Wrong keyboard. Stay away from frequently used passwords. We've talked about this many times. If you're using one of the better password managers, like for instance, 1Password, you will automatically have any passwords that you are there in Shirin or that it creates, you'll have them checked via a website out there. [00:58:07] It's called. Yeah. Okay. It's called Have I Been Pwned, and I hated to say this because how do you spell it? It's all one big, long word. haveibeenpwned.com, and pwned is P-W-N-E-D. It will tell you if a password that you're trying to use is a known password, if it has been found out in the wild, okay. [00:58:32] Use unique passwords for every site you visit, I can't stress this enough. We were talking about password spraying. If you use the same password and email address on multiple sites, you're in. Because all they have to do is try your email address and your password for whichever site it is that they might want to try out. [00:58:58] Remember, many of them are trying to get into your email and they have done that successfully. With Microsoft email, if you have their Microsoft 365 service, you might want to read the fine print there very carefully, because Microsoft does not guarantee much of anything. You make sure you back it up yourself. [00:59:20] Make sure you do all of these things because Microsoft just plain isn't doing them for you. Next one here. Next up is our password manager. And I mentioned this before, installing and using a password manager is phenomenal. It automates the generation of passwords. If you have it integrated with your web browser, [00:59:45] it now allows your web browser to work with your password manager.
So when you go to a site, you can have it pull up your passwords. How could it be much easier than that? It's really rather simple. That way it's keeping track of your logins. And again, 1Password.com is the one I recommend and people get confused. [01:00:06] When I say that, when I'm saying 1Password, I don't mean only have one password used for everything. 1Password is a name of a company.