POPULARITY
National security journalist Zach Dorfman returns to True Spies with the tantalising tale of one of the War on Terror's most secretive undercover operatives. Known only by his pseudonym, this CIA spy delivered intel directly to the highest echelons of power - and paid a heavy price for his success. From SPYSCAPE, the HQ of secrets. A Cup And Nuzzle production. Series producer: Joe Foley. Produced by Joe Foley. Learn more about your ad choices. Visit megaphone.fm/adchoices
As president, Trump was known for his "bromance" with North Korean dictator Kim Jung Un, holding two summits in Singapore and Hanoi and engaging in a "love letter" correspondence with him that he took with him to Mar-A-Lago after he left office. But before that, journalist Zach Dorfman reminds us, Trump came perilously close to unleashing a nuclear strike on the country--an attack that, then Secretary of Defense feared, would "incinerate a couple of million people." In a SpyTalk podcast, Dorfman also talks about how, under Trump's "maximum pressure" campaign on the country, the Pentagon and CIA updated ambitious-- and somewhat quixotic-- plans for regime change. Which Trump will guide U.S. policy should he return to the Oval Office: The peacenik who tried to engage Kim in diplomacy or the MAGA warrior who once threatened North Korea "with fire and fury" unlike the world has ever seen? As Dorfman points out, it's a pressing question given that, with North Korea's accelerated missile tests and a growing alliance with Vladimir Putin's Russia, including sending equipment and troops to Ukraine, some scholars believe the threat of a conflict on the Korean Peninsula is greater than it has been in years. Zach Dorfmanhttps://twitter.com/zachsdorfmanInside the Trump Admin's Secret Battle Plans for North Koreahttps://www.rollingstone.com/politics/politics-features/trump-north-korea-secret-battle-plans-nuclear-war-1235132893/ Follow Jeff Stein on Twitter:https://twitter.com/SpyTalkerFollow Michael Isikoff on Twitter:https://twitter.com/isikoff Follow SpyTalk on Twitter:https://twitter.com/talk_spySubscribe to SpyTalk on Substackhttps://www.spytalk.co/Take our listener survey where you can give us feedback.http://survey.podtrac.com/start-survey.aspx?pubid=BffJOlI7qQcF&ver=short
Silicon Valley couldn't be farther from the confines of Langley or Fort Meade, let alone Beijing or Moscow. Yet, the verdant foothills of suburban sprawl that encompass the Bay Area have played host to some of the most technically sophisticated espionage missions the world has ever seen. As the home of pivotal technologies from semiconductors to databases, artificial intelligence and more, no place has a greater grip on the technological edge than California — and every nation and their intelligence services want access. It just so happens that almost no national security reporter sits on this beat. Nearly all cover the sector from Washington, or in rare cases New York. All except one that is: Zach Dorfman. Zach has been driving the coverage of the technical side of espionage operations for years, and his pathbreaking scoops about China's unraveling of the CIA's network of operatives in the early 2010s were widely read in DC officialdom. Now, he's published two blockbuster features, one in Politico Magazine on the FBI's attempts to intercede in the chip trade between the U.S. and the U.S.S.R. at the height of the Cold War in the 1980s, and the other in Rolling Stone on a deep-cover agent and the very human consequences of state-to-state skullduggery. Zach and host Danny Crichton talk about Silicon Valley's history in industrial espionage, the tricky mechanics of intercepting and disabling chip shipments to the Soviet Union, why the U.S.S.R. was so keen on learning the market dynamics of computing in America, the risks for today's companies around insider threats, Wirecard and Jan Marsalek and finally, some thoughts on Xi Jinping and how China's rollup of the CIA's mainland intelligence network affected his leadership of America's current greatest adversary. Produced by Christopher Gates Music by George Ko
Today Justin is joined by Zach Dorfman. Zach is a national security reporter whose work has appeared in Politico, The Atlantic, The Wall Street Journal, The Los Angeles Times, and many other publications. He received his Bachelor's degree from Skidmore College and a Master's degree in International Relations and Affairs from the University of Chicago. Zach is a former senior fellow at the Carnegie Council for Ethics in International Affairs. He's also the host of the Spy Valley Podcast from Project Brazen, which debuted last year, about a Cold War era spy in the heart of Silicon Valley. This week he discusses his newest article, published on August 4th of this year. It's the story of Operation Entering, a highly successful and never before reported operation against Soviet bloc intelligence operatives targeting U.S. technology in the early 1980s.Connect with Zachthebrushpass1@protonmail.comTwitter/X: @zachsdorfmanSpy Valley Podcast: brazen.fm/podcasts/spy-valleyCheck out Zach's Politico story: "Moscow's Spies Were Stealing US Tech — Until the FBI Started a Sabotage Campaign" here.And his new Rolling Stone article: "The CIA Sent Him Deep Undercover to Spy on Islamic Radicals. It Cost Him Everything" here. Connect with Spycraft 101:Get Justin's latest book, Murder, Intrigue, and Conspiracy: Stories from the Cold War and Beyond, here.spycraft101.comIG: @spycraft101Shop: shop.spycraft101.comPatreon: Spycraft 101Find Justin's first book, Spyshots: Volume One, here.Check out Justin's second book, Covert Arms, here.Download the free eBook, The Clandestine Operative's Sidearm of Choice, here.A podcast from SPYSCAPE.A History of the World in Spy Objects Incredible tools and devices and their real-world use.Support the Show.
Welcome to a very special bonus episode of SpyCast, coming to you directly from the stage of the International Spy Museum. Last month, we hosted a live panel discussion in collaboration with our friends at Goat Rodeo who produced the new podcast, Spy Valley: An Engineer's Nuclear Betrayal, a series by Project Brazen and PRX. The riveting series tells the true story of James Harper, a Silicon Valley engineer turned spy who sold nuclear secrets to the Soviet Bloc. The series takes listeners on a journey of nuclear spying, technology theft, and double agents, with intelligence that might still help Moscow in a nuclear exchange today. Tune in to all six episodes of Spy Valley NOW to learn more! This live panel features moderator Sharon Weinberger, the national security and foreign policy editor at The Wall Street Journal, featuring Zach Dorfman, investigative journalist and host of Spy Valley; John Gibbons, who headed the United States Attorney's prosecution team in the case against James Harper; Dr. Raymond J. Batvins, Former Supervisory Special Agent and Counterintelligence Course Instructor at the Institute of World Politics; and Dr. Vince Houghton, Director of the National Cryptologic Museum and former historian at SPY. They'll explore how the tech capital of the world became a hotbed for Soviet Bloc spies and what James Harper's betrayal of his country has meant for modern day warfare. Thank you to our friends and collaborators at Goat Rodeo, Project Brazen, and PRX for their support of this program. Listen to the series here or wherever you get your podcasts.
In collaboration with SpyCast, this week on Spy Valley we're sharing a bonus episode recorded live at the International Spy Museum in Washington, DC. The panel was moderated by Sharon Weinberger, the national security and foreign policy editor at The Wall Street Journal, featuring Spy Valley host Zach Dorfman with Dr. Raymond J. Batvinis, a historian and former FBI Special Agent, John Gibbons, who headed the US Attorney's prosecution team in the case against James Harper, and nuclear historian and National Cryptologic Museum Director, Dr. Vince Houghton. For more espionage stories from the International Spy Museum, listen to SpyCast, hosted by the museum's Historian and Curator, Dr. Andrew Hammond. Spy Valley is a Project Brazen production. Subscribe to Brazen+ on Apple Podcasts or at brazen.fm/plus and get exclusive bonus episodes for Spy Valley and all our shows, as well as ad-free listening and early access to new podcasts. For more fearless storytelling, search for the Brazen channel on Apple Podcasts or visit brazen.fm, home to all our podcasts, documentaries and newsletters. At Brazen, we show you how the world really works – from espionage and corruption to deal-making and organised crime, we'll take you inside stories from hidden worlds.
The man codenamed “Caribou” plays a critical role in James Harper's story, but his own story remains in the shadows. In this bonus episode, Spy Valley host Zach Dorfman sits down with Hanna Kozlowska, journalist and translator of the Polish archives used in the series, to discuss Caribou's position as a mole for the US within the Polish spy service—and what happened when the Poles found out about his double-cross. Spy Valley is a Project Brazen production. Subscribe to Brazen+ on Apple Podcasts or at brazen.fm/plus and get exclusive bonus episodes for Spy Valley and all our shows, as well as ad-free listening and early access to new podcasts. For more fearless storytelling, search for the Brazen channel on Apple Podcasts or visit brazen.fm, home to all our podcasts, documentaries and newsletters. At Brazen, we show you how the world really works – from espionage and corruption to deal-making and organised crime, we'll take you inside stories from hidden worlds.
In May 1984, former U.S. Marine, engineer, and early Silicon Valley entrepreneur James Harper was sentenced to life in prison for his central role in an audacious scheme to sell a bevy of classified documents relating to U.S. missile defense to the Soviet bloc and its allies. Four decades later, his story was almost forgotten, until it was rediscovered and investigated by national security reporter Zach Dorfman with help from some of the men who helped catch Harper—and the spy himself. Now, with help from our friends at Goat Rodeo, Dorfman has turned this story into a six-part podcast series entitled “Spy Valley,” which takes a close look at Harper's seminal spy case. Lawfare Senior Editor Scott R. Anderson sat down with Dorfman to talk over Harper's story and what it can tell us about the relationship between America's national security and those working at the bleeding edge of technological development.Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.
This week on The Sound, we're sharing a special preview of Spy Valley: An Engineer's Nuclear Betrayal. This new series uncovers Silicon Valley's origins as a laboratory for espionage. At the dawn of the hi-tech age, Moscow's spies opened up shop in San Francisco and Silicon Valley. In this podcast, you'll get to know the group of FBI spy hunters who assembled to stop them—and solve the case of a lifetime. Hosted by national security journalist Zach Dorfman, Spy Valley will walk you through a maze of technology theft, double agents, and unbelievable events that put an American engineer at the center of it all. There are new episodes of Spy Valley out now. To keep listening, search for Spy Valley: An Engineer's Nuclear Betrayal, wherever you get your podcasts. For more fearless storytelling visit brazen.fm, home to all our podcasts, documentaries and newsletters. At Brazen, we show you how the world really works – from espionage and corruption to deal-making and organised crime, we'll take you inside stories from hidden worlds.
In this bonus episode, we bring you an intimate conversation with Zach Dorfman, an award-winning intelligence and national security journalist and host of the podcast Spy Valley: An Engineer's Nuclear Betrayal. Recorded live at the Podcast Garage at KQED in San Francisco earlier this month, the conversation delved into the making of the podcast series and featured audio clips from the show. The discussion was moderated by Ian Enright, founder and CEO of Goat Rodeo and an executive producer of Spy Valley. Spy Valley is a new six-part podcast series from Project Brazen that explores the story of James Harper, a Silicon Valley engineer turned nuclear spy during the Cold War. - ABOUT THE SPEAKERS: Zach Dorfman is a National Security Writer and the Writer and Host of Spy Valley. He was previously a National Security Correspondent for Yahoo News and a Senior Staff Writer at the Aspen Institute. His work has appeared at Foreign Policy, Politico, The Atlantic, the Wall Street Journal, and elsewhere. He was also a Senior Fellow at the Carnegie Council for Ethics in International Affairs, where he spent over half a decade as a full-time staff editor. Dorfman is a past winner of the Gerald R. Ford Prize for Defense Reporting and a Livingston Award finalist. Ian Enright is the founder and CEO of Goat Rodeo, a creative podcasting company. As a senior audio producer and creative executive, Goat Rodeo's work includes award winning and groundbreaking podcasts such as The Report, Allies, Cornbread Mafia, and Long Shadow. He is an executive producer on Spy Valley. Spy Valley is a Project Brazen production. Subscribe to Brazen+ on Apple Podcasts or at brazen.fm/plus and get exclusive bonus episodes for Spy Valley and all our shows, as well as ad-free listening and early access to new podcasts. For more fearless storytelling, search for the Brazen channel on Apple Podcasts or visit brazen.fm, home to all our podcasts, documentaries and newsletters. At Brazen, we show you how the world really works – from espionage and corruption to deal-making and organised crime, we'll take you inside stories from hidden worlds.
This week on Gateway, we're sharing a special preview of Spy Valley: An Engineer's Nuclear Betrayal.This new series uncovers Silicon Valley's origins as a laboratory for espionage. At the dawn of the hi-tech age, Moscow's spies opened up shop in San Francisco and Silicon Valley. In this podcast, you'll get to know the group of FBI spy hunters who assembled to stop them—and solve the case of a lifetime. Hosted by national security journalist Zach Dorfman, Spy Valley will walk you through a maze of technology theft, double agents, and unbelievable events that put an American engineer at the center of it all. There are new episodes of Spy Valley out now. To keep listening, search for Spy Valley: An Engineer's Nuclear Betrayal, wherever you get your podcasts. To listen ad-free and get early access to new episodes, subscribe to Brazen+ in the Apple Podcasts app, or visit brazen.fm/plus to subscribe on other platforms.
The Cuban Missile Crisis is widely considered to be the closest the world has come to nuclear war. But while that crisis played out in public view, there was another close call that happened in the shadows. In this episode the story of Able Archer 83. Brian Morra is the author of “The Able Archers.” He has spent his career in intelligence and national security beginning with his time as a decorated Air Force Intelligence officer and through his many years as a senior executive in the aerospace and defense industry. Lt. Cdr. Steven Wills served for 20 years as an active-duty U.S. Navy officer, he served on a variety of small and medium surface combatants, including an assignment as the executive officer of a mine countermeasures ship. Further Reading Brian J. Morra, The Able Archers (Virginia Beach, VA: Köehler Books, 2022), https://www.koehlerbooks.com/book/the-able-archers/ Bernd Schaefer, Nate Jones, and Benjamin B. Fischer, “Forecasting Nuclear War,” Wilson Center, Cold War International History Project https://www.wilsoncenter.org/publication/forecasting-nuclear-war Zach Dorfman, “The Congressman Who Created His Own Deep State. Really.” Politico, December 2, 2018, https://www.politico.com/magazine/story/2018/12/02/larry-mcdonald-communists-deep-state-222726/.
Zach Dorfman discusses the modern intelligence world. The interview today was conducted by Sina Kashefipour and the show is produced by Chelsea Daymon and Sina Kashefipour. If you have enjoyed listening to The Loopcast please consider making a donation to the show through our Patreon. We greatly appreciate it.
When former Hong Kong Minister Patrick Ho was flying in to New York City's John F. Kennedy Airport in November of 2017, he was arrested by the FBI for bribery and money laundering charges. The first call he made was to James Biden, brother of the then former Vice President and now President. James Biden later said the call was a mistake, that Ho was actually trying to reach his nephew, the President's son Hunter Biden. And for good reason, newly authenticated documents show that Hunter Biden had gotten a million dollar retainer from Ho, just one tranche of as much as five million dollars that flowed to both Hunter and James Biden from the former Hong Kong official and his boss Ye Jianming, a billionaire oil tycoon with past ties to a front for the people's liberation army. The details of the Biden's relationship with Chinese interests emerged in fits and starts. Much of it originally dismissed because they were found on an abandoned laptop that former US intelligence officials suggested may have been a product of Russian disinformation. No evidence of that has yet been found on the material and recent reporting on the subject has caused some former counterintelligence officials to raise an intriguing but important national security question. Were the Biden's a target of a Chinese influence operation that needs to be fully investigated by the FBI. Coming during the same week that new disclosures that Jared Kushner former President Trump's son-in-law had secured two billion dollars in Saudi money for his investment fund. We talk to former FBI counterintelligence chief Frank Figliuzzi about the questionable dealings of Presidential family members and why they matter. GUEST:Zach Dorfman (@zachsdorfman), National Security Correspondent, @yahoonewsFrank Figliuzzi (@FrankFigliuzzi1), FBI Assistant Director (ret); NBC News National Security Analyst, AuthorHOSTS:Michael Isikoff (@Isikoff), Chief Investigative Correspondent, Yahoo NewsDaniel Klaidman (@dklaidman), Editor in Chief, Yahoo NewsVictoria Bassetti (@VBass), fellow, Brennan Center for Justice (contributing co-host)RESOURCES:Michael Isikoff & Zach Dorfman's latest piece on Hunter Biden/Jared Kushner - Here.Follow us on Twitter: @SkullduggeryPodListen and subscribe to "Skullduggery" on Apple Podcasts, Spotify, Google Podcasts or wherever you get your podcasts.Email us with feedback, questions or tips: SkullduggeryPod@yahoo.com. See acast.com/privacy for privacy and opt-out information.
Zach Dorfman is a national security journalist who has written extensively about the intelligence community. With Team House host Jack Murphy, they published an in-depth article about the Soleimani assassination in Baghdad. Dorfman's recent work has been about CIA activities in Ukraine.Today's Sponsors:Chill Boys Undieshttps://www.CHILLBOYS.com/Save 15% on your first order by using our discount code TEAM15 And keep the boys cool!https://www.CHILLBOYS.com/Ten Thousand Apparel https://www.TENTHOUSAND.cc/TEAMThe brand believes in being Better Than Yesterday, a stoic dedication to continuous improvement, not overnight success.GO TO :https://www.TENTHOUSAND.cc/TEAM for 15% OFF YOUR PURCHASE!Thank YOU for supporting the companies that support the show!For all bonus content including:-2 bonus episodes per month -Access to ALL bonus segments with our guestsSubscribe to our Patreon!
How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why? We've got a new study out showing that North American organizations, businesses, and others, are being hit with an average of 497 cyber attacks per week, right here in the good old USA. [Following is an automated transcript] This is a study by checkpoint software technologies. Checkpoint, I used, oh my gosh. It would have been back in the nineties back then. They were one of the very first genuine firewall companies. And it was a system that I was putting in place for my friends over at troopers. I think it was New England telephone. It might've been Verizon by then. I can't even remember, man. [00:00:41] It's been a little while, but it was, a system we were using in front of this massive system that I designed, I made the largest internet property in the world. At that time called big yellow. It morphed into super pages. It might be familiar with. But it was me and my team that did everything. We built the data center out. [00:01:05] We wrote all of the software. Of course they provided all of the yellow pages type listing so we can put it all in. And we brought it up online and we were concerned. Well, first of all, You know, I've been doing cyber security now for over 30 years. And at this point in time, they wanted something a little more than my home grown firewall. [00:01:29] Cause I had designed and written one in order to protect this huge asset that was bringing in tens of millions of dollars a year to the phone company. So they said, Hey, listen, let's go ahead and we'll use checkpoint and get things going. We did, it was on a little, I remember it was a sun workstation. If you remember those back in the. [00:01:52] And it worked pretty well. I learned how to use it and played with it. And that was my first foray into kind of what the rest of the world had started doing, this checkpoint software, but they've continued on, they make some great firewalls and other intrusions type stuff, detection and blocking, you know, already that I am a big fan, at least on the bigger end. [00:02:17] You know, today in this day and age, I would absolutely use. The Cisco stuff and the higher end Cisco stuff that all ties together. It doesn't just have the fire power firewall, but it has everything in behind, because in this day and age, you've got to look at everything that's happening, even if you're a home user. [00:02:37] And this number really gets everybody concerned. Home users and business users is. Businesses are definitely under bigger attacks than home users are. And particularly when we're talking about businesses, particularly the bigger businesses, the ones that have a huge budget that are going to be able to go out and pay up, you know, a million, $10 million ransom. [00:03:05] Those are the ones that they're after and this analysis. Point software who does see some of those attacks coming in, showed some very disturbing changes. First of all, huge increases in the number of cyber attacks and the number of successful ransoms that have been going on. And we're going to talk a little bit later, too, about where some of those attacks are coming from, and the reason behind those attack. [00:03:36] According to them right now, the average number of weekly attacks on organizations globally. So far, this year is 40% higher than the average before March, 2020. And of course that's when the first lockdowns went into effect and people started working from home in the U S the. Increase in the number of attacks on an organizations is even higher at 53%. [00:04:07] Now you might ask yourself why, why would the U S be attacked more? I know you guys are the best and brightest, and I bet it, I don't even need to say this because you can figure this out yourself, but the us is where the money is. And so that's why they're doing it. And we had president Biden come out and say, Hey, don't attack the. [00:04:27] well, some of those sectors are under khaki for more after he said that then before, right. It's like giving a list to a bad guy. Yeah. I'm going to be gone for a month in June and yeah, there won't be anybody there. And the here's the code to my alarm. Right. You're you're just inviting disaster checkpoints. [00:04:49] Also showing that there were more. Average weekly attacks in September 21. That's this September than any time since January, 2020. In fact, they're saying 870 attacks per organization globally per week. The checkpoint counted in September was double the average in March, 2020. It's kind of funny, right? [00:05:14] It's kind of like a before COVID after COVID or before the Wu Han virus and after the Wu Han virus, however, we might want to know. So there are a lot of attacks going on. Volume is pretty high in a lot of different countries. You've heard me say before some of my clients I've seen attack multiple times a second, so let's take a second and define the attack because being scanned. [00:05:40] I kind of an attack, the looking to see, oh, where is there a device? Oh, okay. Here's a device. So there might be a home router. It might be your firewall or your router at the business. And then what it'll do is, okay, I've got an address now I know is responding, which by the way is a reason. The, we always configure these devices to not respond to these types of things. [00:06:04] And then what they'll do is they will try and identify it. So they'll try and go into the control page, which is why you should never have when. Configuration enabled on any of your routers or firewalls, because they're going to come in and identify you just on that because all of a sudden them brag about what version of the software you're running. [00:06:26] And then if it's responding to that, they will try and use a password. That is known to be the default for that device. So in a lot of these devices, the username is admin and the password is admin. So they try it and now off they go, they're running. Some of these guys will even go the next step and we'll replace the software. [00:06:52] In your router or firewall, they will replace it so that it now directs you through them, everything you are doing through them. So they can start to gather information. And that's why you want to make sure that the SSL slash TLS. That encryption is in place on the website. You're going to, so if you go to Craig peterson.com right now, my website, I'm going to go there myself. [00:07:22] So if you go to Craig peterson.com, you're going to notice that first of all, it's going to redirect you to my secure site and it doesn't really matter. You won't see it. Okay. But you are there because if he. Typically at the left side of that URL bar where it says, Craig peterson.com. You'll see, there's a little lock. [00:07:44] So if you click that lock, it says connection is secure. Now there's a lot more we could go into here. But the main idea is even if your data is being routed through China or. Both of which have happened before many tens of thousands, hundreds of thousands of time times. I'm not even sure of the number now. [00:08:06] It's huge. Even if your data is being routed through them, the odds are, they're not going to see anything. That you are doing on the Craig Peterson site. Now, of course you go into my site, you're going to be reading up on some of the cybersecurity stuff you can do. Right. The outages what's happened in the news. [00:08:27] You can do all of that sort of thing on my side, kind of, who cares, right? Um, but really what you care about is the bank, but it's the same thing with the bank. And I knew mine was going to be up there. And when everybody just check it out anyway, so. So the bad guys, then do this scan. They find a web page log in. [00:08:47] They try the default log in. If it works, the Le the least they will do is change. What are called your DNS settings. That's bad because changing your DNS settings now opens you up to another type of attack, which is they can go ahead. And when your browser says, I want to go to bank of america.com. It is in fact, going to go out to the internet, say is bank of America, the bad guys. [00:09:18] Did, and they will give you their bank of America site that looks like bank of America feels like bank of America. And all they're doing is waiting for you to type into your bank of America, username and password, and then they might redirect you to the. But at that point, they've got you. So there are some solutions to that one as well, and Firefox has some good solutions. [00:09:44] There are others out there and you had to have those that are in the works, but this is just an incredible number. So here's what I'm doing, right. I have been working for weeks on trying to figure out how can I help the most people. And obviously I needed to keep the lights on, right? I've got to pay for my food and gas and stuff, but what I'm planning on doing and what we've sketched out. [00:10:10] In fact, just this week, we got kind of our final sketch out of it is we're going to go ahead and have a success path for cyber security. All of the basic steps on that success path will be. Okay. So it will be training that is absolutely 100% free. And I'll do a deeper dive into some of these things that I'm doing that I'm doing right now here on the radio, because you can't see my desktop. [00:10:40] It's hard to do a deep dive and it's open to anybody, right? If you're a home user or if you're a business user, all of the stuff on that free. Is going to help you out dramatically. And then after that, then there'll be some paid stuff like a membership site. And then obviously done for you. If the cybersecurity stuff is just stuff that you don't want to deal with, you don't have the time to deal with. [00:11:05] You don't want to learn, because believe me, this is something that's taken me decades to learn and it's changing almost every day. So I understand if you don't want to learn it to. That is the other option. I'll give you, which is done for you, which we've been doing now for over 20, 30 years. Stick around. [00:11:25] We'll [00:11:25] So which sectors are economy are being hacked? I mentioned that in the last segment, but yeah, there are some problems and the sectors that president Biden lined out laid out are, are the ones that are under, even more attack after his message. [00:11:42] 497 cyber attacks per week. On average here in the US, that is a lot of attacks. And we started explaining what that meant so that we talked about the scan attacks that are automated and some person may get involved at some point, but the automated attacks can be pretty darn automated. Many of them are just trying to figure out who you are. [00:12:09] So, if it shows up, when they do that little scan that you're using a router that was provided by your ISP, that's a big hint that you are just a small guy of some sort, although I'm shocked at how many bigger businesses that should have their own router, a good router, right. A good Cisco router and a really good next generation firewall. [00:12:34] I'm shocked at how many don't have those things in place, but when they do this, That's the first cut. So if you're a little guy, they'll probably just try and reflash your router. In other words, reprogram it and change it so that they can start monitoring what you're doing and maybe grab some information from. [00:12:56] Pretty simple. If you are someone that looks like you're more of a target, so they connect to your router and let's say, it's a great one. Let's say it's a Cisco router firewall or Palo Alto, or one of those other big companies out there that have some really good products. Uh, at that point, they're going to look at it and say, oh, well, okay. [00:13:18] So this might be a good organization, but when they get. To it again, if when access has turned on wide area, access has turned down, that router is likely to say, this is the property of, uh, Covina hospital or whatever it might be, you know? And any access is disallowed authorized access only. Well, now they know. [00:13:42] Who it is. And it's easy enough just to do a reverse lookup on that address. Give me an address anywhere on the internet. And I can tell you pretty much where it is, whose it is and what it's being used for. So if that's what they do say they have these automated systems looking for this stuff it's found. [00:14:02] So now they'll try a few things. One of the first things they try nowadays is what's called an RDP attack. This is a remote attack. Are you using RDP to connect to your business? Right? A lot of people are, especially after the lockdown, this Microsoft. Desktop protocol has some serious bugs that have been known for years. [00:14:25] Surprisingly to me, some 60% of businesses have not applied those patches that have been available for going on two years. So what then button bad guys will do next. They say, oh, is there a remote desktop access? Cause there probably is most smaller businesses particularly use that the big businesses have a little bit more expensive, not really much more expensive, but much better stuff. [00:14:51] You know, like the Cisco AnyConnect or there's a few other good products out there. So they're going to say, oh, well, okay. Let's try and hack in again. Automate. It's automated. No one has to do anything. So it says, okay, let's see if they patch, let's try and break in a ha I can get in and I can get into this particular machine. [00:15:14] Now there's another way that they can get into their moat desktop. And this apparently has been used for some of the bigger hacks you've heard about recently. So the other way they get in is through credential stuff. What that is is Hey, uh, there are right now some 10 billion records out on the dark web of people's names, email addresses, passwords, and other information. [00:15:43] So, what they'll do is they'll say, oh, well this is Covina hospital and it looks it up backwards and it says, okay, so that's Covina hospital.org. I have no idea if there even is a Gavino hospital, by the way, and will come back and say, okay, great. So now let's look at our database of hacked accounts. Oh, okay. [00:16:04] I see this Covina hospital.org email address with a password. So at that point they just try and stuff. Can we get in using that username and password that we stole off of another website. So you see why it's so important to be using something like one password, a password generator, different passwords on every site, different usernames on every site, et cetera, et cetera. [00:16:29] Right. It gets pretty important per te darn quickly. So now that they're in, they're going to start going sideways and we call that east west in the biz. And so they're on a machine. They will see what they can find on that machine. This is where usually a person gets some. And it depends in historically it's been about six days on average that they spend looking around inside your network. [00:17:00] So they look around and they find, oh yeah, great. Here we go. Yep. Uh, we found this, we found that. Oh, and there's these file server mounts. Yeah. These SMB shares the, you know, the Y drive the G drive, whatever you might call it. So they start gaining through those and then they start looking for our other machines on the network that are compromised. [00:17:23] It gets to be really bad, very, very fast. And then they'll often leave behind some form of ransomware and also extortion, where that extort you additionally, for the threat of releasing your data. So there, there are many other ways they're not going to get into them all today, but that's what we're talking about. [00:17:43] Mirman, we're talking about the 500 cyber attacks per week against the average. North American company. So we have seen some industry sectors that are more heavily targeted than others. Education and research saw an 60% increase in attacks. So their education and I've tried to help out some of the schools, but because of the way the budgets work and the lowest bidder and everything else, they, they end up with equipment. [00:18:17] That's just totally misconfigured. It's just shocking to me. Right. They buy them from one of these big box online places. Yeah. I need a, a Cisco 10, 10. And I need some help in configuring it and all, yeah, no problems or we'll help you. And then they sell it to the school, the school installs it, and it is so misconfigured. [00:18:38] It provides zero protection, uh, almost zero, right. It provides almost no protection at all. And doesn't even use the advanced features that they paid for. Right. That's why, again, don't buy from these big box. Guys just don't do it. You need more value than they can possibly provide you with. So schools, 1500 attacks per week research companies, again, 1500 attacks per week, government and military. [00:19:10] Entities about 1100 weekly attacks. Okay. That's the next, most highest attacked. Okay. Uh, health care organizations, 752 attacks per week on average. Or in this case, it's a 55% increase from last year. So it isn't just checkpoints data that I've been quoting here. That, that gives us that picture. There are a lot of others out there IBM's has Verizon's has all of these main guys, and of course in the end, They've got these huge ransoms to deal with. [00:19:50] Hey, in New Hampshire, one of the small towns just got nailed. They had millions of dollars stolen, and that was just through an email trick that they played in. K again. I T people, um, I I've been thinking about maybe I should put together some sort of coaching for them and coaching for the cybersecurity people, even because there's so much more that you need to know, then you might know, anyways, if you're interested in any of this. [00:20:22] Visit me online. Craig peterson.com/subscribe. You will get my weekly newsletter, all of my show notes, and you'll find out about these various trainings and I keep holding. In fact, there's one in most of the newsletters. Craig peterson.com. Craig Peterson, S O n.com. Stick around. [00:20:43] We've been talking about the types of attacks that are coming against us. Most organizations here in north America are seeing 500 cyber attacks a week, some as many as 1500. Now, where are they coming from? [00:21:00] Whether they're scanning attacks, whether they're going deeper into our networks and into our systems who are the bad guys and what are they doing? Microsoft also has a report that they've been generating, looking at what they consider to be the source of the attacks. Now we know a lot of the reasons I'm going to talk about that too, but the source is an interesting way to look at. [00:21:29] Because the source can also help you understand the reason for the attacks. So according to dark reading, this is kind of an insider, a website you're welcome to go to, but it gets pretty darn deep sometimes, but they are showing this stats from Microsoft, which you can find online that in the last year rush. [00:21:53] Has been the source of 58% of the cyber cat tax. Isn't that amazing now it's not just the cyber attacks. I, I need to clarify this. It's the nation state cyber tech. So what's a nature's nation state cyber attack versus I don't know, a regular cyber attack. Well, the bottom line is a nation state cyber attack is an attack that's occurring and is actually coordinated and run by and on behalf of a nation state. [00:22:31] Uh, So Russia at 58% of all nation state attacks is followed by North Korea, 23% Iran, 11% China, 8%. Now you probably would have thought that China would be. Right up there on that list, but Russia has 50% more of the nation state cyber attacks coming from them than from China. And then after China is south Vietnam, Viet, or I should say South Korea, Vietnam, and Turkey, and they all have less than 1%. [00:23:14] Now, this is this new pool of data that Microsoft has been analyzing. And it's part of this year's Microsoft digital defense report, and they're highlighting the trends in the nation state threat cyber activity hybrid workforce security. Disinformation and your internet of things, operational technology and supply chain security. [00:23:35] In other words, the whole gambit before, before all of this, now the data is also showing that the Russian nation state attacks are increasingly effective, calming from about a 21% successful compromise rate last year to 32%. So basically 50% better this year at effectiveness there, Russians are also targeting more government agencies for intelligence gathering. [00:24:10] So that jumped from 3% of their victims last year to 53%. This. And the Russian nation state actors are primarily targeting guests who us, right? The United States, Ukraine and the United Kingdom. Now this is all according to the Microsoft data. So why has Russia been attacking us? Why is China been attacking us and why the change this. [00:24:38] Well, Russia has been attacking us primarily to rent some us it's a cash cow for them just like oil and gas. They are making crazy money. Now that president Biden has made us dependent on foreign oil supplies. It's just insanity and even dependent on. Gas coming from other places. Well guess where the number one source of gases now for Europe and oil it's Russia. [00:25:08] So we are no longer going to be selling to Europe. Russia is so they're going to be making a lot of money off of. But before then they were actually counted on ransomware to help fund the Russian federal government, as well as of course, these Russian oligarchs, these people who are incredibly rich that have a substantial influence on the government. [00:25:33] Don't if you're wondering who they might be, just think of people like, oh, I don't know. Bill gates and, uh, w who are on the, some of the other big guys, you know, Tim cook, uh, Amazon's Jeff bayzos Elon Musk, right? Those are by my definition and looking it up in the dictionary, they are all a. They get exemptions to laws. [00:25:58] They get laws passed that, protect them. In fact, most of regulations actually protect these big companies and hurt small companies. So I would call them oligarchs and that's the same sort of thing in Russia in Russia. Okay. They probably have a little bit more underhanded stuff than these guys here do, but that's what Russia has been. [00:26:21] China has been continually going after our national secrets, national defense, the largest database of DNA of Americans DNA, of course, is that unique key. If you will building block for all of us, that's what DNA is. And the largest database of all of that uniquely identifying information is in. China stole from the office of personnel management records of a federal employees, their secret clearance, all of their background check information who was spoken with, what did they have to say? [00:27:03] And on and on. So China has been interested in infiltrating our businesses that provide things to the military and the military themselves and the federal state, and even the local governments that's who they've been targeting. And that's why there's 8% number might seem small. Although, as I just mentioned this year, Russia moved, moved dramatically. [00:27:30] They used to be about 3% of their attacks or against the government agencies. And now it's 53%. So Russia. And China are going after our national secrets and they can use them in a cold war, which as I've said, I think the first shots of the third world war have been fired. And frankly, they're all cyber, it's all online and Russia. [00:27:57] Isn't the only nation state actor who's changing its approaches here as espionage is the most common goal amongst all nation state groups as of this year. Tivity of hackers reveals different motivations in Iran, which quadrupled its targeting of Israel. Surprise, surprise. Over the last year. And Iran has been launching destructive attacks, things that will destroy power, power plants, et cetera, and North Korea, which is targeting cryptocurrency companies for profit. [00:28:29] So they're stealing these various crypto coins again, funding their government. So it's, it's a problem. Absolute problem. Government sectors are some of the most targeted 48%. These NGOs non-government organizations that act kind of a quasi government functions and think tanks are 31%. Uh, and Microsoft, by the way, has been alerting customers of nation, state attack, attack attempts. [00:29:01] Guess how many this year that they had to warn about 20,500 times in the past three years. So that's a lot and Microsoft is not a company that's been out there at the front lines. It never has been it's in behind. So to have them come out and say, this is. And okay, by the way, your stolen username and password run for a buck per thousand, and it's only gonna take you hundreds of hours to get it all cleared up. [00:29:32] Isn't that nice spear fishing for a hire can cost a hundred to a thousand dollars per successful account takeover and denial of service attacks are cheap from protected sites, roughly $300. Per month. And if you want to be ransomware king, it's only going to cost you 66 bucks upfront 30% of the profit. [00:29:54] Okay. Craziness. Hey, visit me online. Sign up Craig, peter.com/subscribe. [00:30:03] I had an interesting mastermind meeting this week. There's six of us. We're all business owners and it opened my eyes pretty dramatically because one of the members got hacked, but that's not what I really want to emphasize. [00:30:20] This whole cybersecurity thing gets pretty complicated, pretty quickly. And a friend of mine who is in one of my mastermind groups had a real problem. And the here's here's what went on. We'll call him Walt for back of a letter, lack of a better name since that is his name. [00:30:40] And he doesn't mind me sharing this with you. Walt has a very small business that he and his wife run, and they have a couple of contractors that help out with some things, but his business is very reliant on advertising and primarily what he does is Facebook advertising. Now I've been talking for two years, I think in this mastermind group about cyber security and the fact that everyone needs good cyber security. [00:31:13] And he always just kind of pole hum to, uh, wow. You know, and it's just too complicated for me. I got to thinking for a, you know, a bit, really a few weeks, what does he mean to complicated? Cause there's some basic things you can do. So this week on Tuesday, I was on our mastermind groups meeting and I explained, okay, so here's what happened to Walt. [00:31:42] He had $40,000 stolen, which by the way, it's a lot of money for a teeny tiny husband wife company. And. Uh, well, here's what we did. He, we helped them. We got the FBI involved and, you know, with our direct ties, cause we work with them on certain types of cases and he got back every dime, which is just totally unheard of. [00:32:06] But um, without going into all of the details there, I spent a problem. 1520 minutes with the whole group and the mastermind explaining the basics of cyber security. And that really kind of woke me up, frankly, because of their responses. Now these are all small business owners and so they're making pretty decent money. [00:32:31] In fact, every one of them and they all have some contractors and some employees all except for Walt and his wife, they had just have contractors and. I had two completely different responses from two members of this group that no. Let me tell you this was really eye opening for me. And this is why you might've heard me in the first segment talking about this, but this is why I have really changed my view of this stuff, this cybersecurity stuff, because I explained. [00:33:08] If you're using things like Norton antivirus or McAfee, antivirus, or really any of them, even the built-in Microsoft defender this year, those standard antivirus system. I have only been able to catch about 30% of the malware out there, 30%, you know, that's like having a house and you've got a security guard posted out front. [00:33:39] He's armed, he's ready to fight. And yet all of your windows are open and all of your doors are unlocked. And all someone has to do is crawl in the side window because that guy that's posted up front, he's not going to be able to stop. So 30% effectiveness. And of course, Walt had all of the basic stuff. [00:33:59] He thought he was good enough. It's not worth spending time or money doing any of this. And of course it turned out to be well worth the time and money if he had done it. But he has a friend who has contacts and, and made things happen for him. So I guess he's kind of, kind of lucky in that regard, but I explained that and I said, do you know the, the way you. [00:34:21] To go. If you're a small business, it's about $997 a month for a small business, with a handful of employees to get the type of security you really need. There's going to catch. 90 something 98%. Maybe if, if things go well of the stuff going on, in other words, you don't just have an armed guard at the front door. [00:34:46] You've got all the windows closed and blocked and the doors closed and locked as well. So yeah, somebody can still get in, but they got to really want to get in and risk getting caught. So that's kind of the analogy that I used now. One of the members of my. Of my mastermind thought, well, okay. Cause you're just being Frank with me. [00:35:09] Right? We're all friends. She said, well, initially I thought, oh Craig, I'm going to have to have you help out with stuff here. Cause my, you know, I'm concerned about my security. I make some good money. Uh, she's the one that has employee. She has a million dollar plus a year business and she wants to keep it safe. [00:35:26] But then she. Uh, you know, but, but you know, you were talking about all of this Norton and stuff and that it doesn't work. So I, I just, I don't have any hope. And that's when the another member jumped in and this other member said, well, Uh, oh, that's not what I got at all. I got the, the normal off the shelf stuff that you buy that you're going to get from Amazon, or you're going to get from PC connection or wherever that stuff is not going to work, but there is stuff that does, but it's only professional stuff. [00:36:02] You can only get it from professionals that are trained in certified. Which is the right message. Right. That was the message I was trying to relay. Yeah. Don't try and do it yourself because you can't even get the right tools that you need. That is frankly a problem. So that really got me to think. In, in a very big way, because here are two people that have heard me talk about cybersecurity and their eyes probably glazed over, but now their eyes, I know at least one of these ladies definitely glazed over. [00:36:36] So I've come to the realization that sometimes I. A little too deep into things. And although I can explain it quite well to many people, sometimes people glaze over and I get emails from you guys saying kind of the same thing. I really appreciate it. I don't understand a lot of what you're saying, Craig, but thanks for being there. [00:36:59] Listen to you every week here on the radio. Uh, then that's good. That's reassuring, but now I've come to realize a few things. One is. The I've got to be a lot clearer in my messaging, because even when talking to my friends, it is a little bit overwhelming for them sometimes. Right. And then the next thing is everybody needs help because you're being lied to. [00:37:29] Right. How are people getting ransomware? If the stuff that they're buying work. Maybe it's just me, but I think there's a disconnect there. So a lot of you guys have gone out and you've hired people and I want to spend just a few minutes right now, going through some red flags that you need to be looking out for in vendor security assessment. [00:37:56] Now I'm putting one together. As well, right yet another one. Uh, and what I'm trying to do is help you out, right? This is not as sales tool. It is trying to help you figure out where you're at. I'm putting together a webinar that I'm going to be holding these what I'm calling bootcamps, where I go through and show you exactly how to do the basic steps that you need to do in order to be safe on. [00:38:25] Okay. If an online, all that means is your, is plugged in, right. Okay. It doesn't mean you're going out and doing a lot of stuff out there on the internet just means it's connected. So those are going to be coming out. I will send an email out as soon as all of that. Stuff's ready. Cause. Absolutely free. And these assessments, I have the basic one that you can do yourself. [00:38:47] It's a self-assessment. And then I have the more advanced ones that I do that are five grand. Okay. So you've got to be a decent sized business for this to make sense where we look for all of the security problem. On all of your computers and your networks, and then give you a list of things you need to do and how to do them. [00:39:10] Okay. So it's well worth it for them, but if you're a very small company and you're trying to do some of this yourself, I want to help you. So that's what these boot camps are going to be all over. And also what the scorecard is going to be all about. So that's coming up, but here are some good red flags and an assessment. [00:39:30] I found this again on dark reading. This is kind of an insider website for those of us in the cybersecurity business, but, um, How can you verify the information that vendors are giving you about their own cybersecurity posture? We've heard in the news and I've talked about them all year, this year, and for years past. [00:39:56] That are we're vendors can be our worst nightmare because some of these hacks come in through our vendors. So you've got yourself, a cybersecurity company. How do you know if they are really telling you the truth? And man, is that hard for you to know? Right. You're going to ask him questions and the salesmen are going to say, oh yeah, yeah, yeah. [00:40:21] That's why we don't have salesmen. Right. We have engineers. You talk to me, you might talk to my son or my daughter, people who have been doing this with me, who I have trained and helped out. So this guy who wrote the article and there's this on attributed, I don't see an attribution on here on this page. [00:40:41] I definitely want to give him, probably I heard is John Babinec wrote this thing and he is a principle threat hunters. What he calls himself over at net and rich. So he says, here's what you got to do. And if you're trying to be cost-effective, he puts it in. What I call an ed month clause. And one of these days I'll tell you that story, but he calls it a validity check question so that an honest vendor would tell you, no, they don't do X and give you a good reason why they don't like it's not cost effective. [00:41:17] It's outside of a reasonable risk model. Does that make sense to you? So when you're trying to evaluate a vendor, who's going to be doing your cyber security put in one of these validity checks put in one of these questions. It doesn't really matter to you, but it's something that would be very hard for one of these cybersecurity companies to do. [00:41:42] And maybe it doesn't fit the risk model that you have. I think it's just absolutely brilliant. Probably one of the better ways when you're trying to evaluate an MSSP as cybersecurity managed or otherwise provider stick in something like that. So you have a red flag that just stands out for you. All right. [00:42:04] Make sure you are registered online. Craig Peter sohn.com/subscribe. So you can find out about all of these trainings coming up. [00:42:17] If you've never heard of the Carrington event, I really hope, frankly, I really, really do hope we never have to live through one of these. Again, there is a warning out there right now about an internet apocalypse that could happen because of the Sun. [00:42:34] Solar storms are something that happens really kind of all of the time. The sun goes through solar cycles. About every seven years, there are longer cycles as well. You might know. I have an advanced class amateur radio license I've had for a long time, and we rely a lot when we're dealing with short wave on the solar cycle. [00:42:59] You see what happens is that the sun charges, the atmosphere. You see that if you've ever seen the Northern light, that is. Part of the Sunzi missions, hitting our magnetic field and kind of getting sucked into the core of the earth, if you will, as they get caught in that field. And the more charged the atmosphere is, the more bounce you get. [00:43:24] That's what we call it bounce. And the reason us hams have all these different frequencies to use is because of the battle. We can go different frequencies with different distances, I should say, using different frequencies. So think about it right now. You've got the earth and I want to talk from Boston to Chicago. [00:43:47] For instance, I know about how many miles it is, and I have to figure out in the ionosphere up in the higher levels of the atmosphere, what frequency. To use in order to go up into the atmosphere, bounce back, and then hit Chicago. That's the idea. It's not quite as simple or as complex in some ways, as it sounds, a lot of people just try different frequencies and a lot of hams just sit there, waiting for anybody anywhere to talk to, particularly if they are. [00:44:20] It's really quite fun. Now what we're worried about, isn't so much just the regular solar activity. We get worried when the sun spots increase. Now, the solar cycle is what has primary image. On the temperature on earth. So no matter what, you might've heard that isn't your gas, guzzling car or a diesel truck that causes the Earth's temperature to change. [00:44:49] Remember the only constant when it comes to the Earth's temperature has been changed over the millions of years. We had periods where the earth was much warmer than it is now had more common that carbon dioxide in the atmosphere than it does now had less. In fact, right now we are at one of the lowest levels of carbon dioxide in the atmosphere in earth, long, long. [00:45:15] So the sun, if you might remember, comes up in the morning, warms things up, right? And then it cools down. When the sun disappears at nighttime, it has a huge impact. It's almost exclusively the impact for our temperatures. If there's other things too, for instance, eruption can spew all to hold a lot of carbon dioxide. [00:45:40] In fact, just one, just Mount St. Helens wanted erupted, put more carbon dioxide into the atmosphere than man has throughout our entire existence. Just to give you an idea, right? So these alarms that are out there, uh, you know, come on, people. Really, and now we're seeing that in, uh, this last year we had a 30% increase in the ice cap up in the, in, up in the north, up in Northern Canada, around the polls. [00:46:12] Uh, we also had some of these glaciers growing. It was so funny. I saw an article this year, or excuse me, this week that was showing a sign that was at one of our national parks. And it said this glacier will have disappeared by 2020. Of course it hasn't disappeared. In fact, it has grown now and it's past 2020. [00:46:34] Anyhow, the sun has a huge impact on us in so many ways. And one of the ways is. Well, something called a coronal mass ejection. This is seriously charged particles. That tend to be very, very directional. So when, when it happens, when there's one of these CMS coronal, mass ejections, it's not just sending it out all the way around the sun everywhere. [00:47:02] It's really rather concentrated in one. One particular spot. Now we just missed one not too long ago. And let me see if I can find it here. Just mast, a cm E near miss. Here we go. There a solar super storm in July, 2012, and it was a very, very close shave that we had most newspapers didn't mention it, but this could have been. [00:47:33] AB absolutely incredible. We'd be picking up the pieces for the next 50 years. Yeah. Five, zero years from this one particular storm. And what happens is these, these solar flares, if you will, are very, very extreme, they CME. You're talking about x-rays extreme UV, ultraviolet radiation, reaching the earth at the speed of light ionizes, the upper layers of atmosphere. [00:48:02] When that happens, by the way, it hurts our communications, but it can also have these massive effects where it burns out saddle. And then causes radio blackouts, GPS, navigation problems. Think about what happened up in Quebec. So let me just look at this call back, uh, hit with an E and yeah, here we go. And March 13th, 1989. [00:48:33] Here we go. Here's another one. Now I remembered. And this is where Quill back got nailed. I'm looking at a picture here, which is, uh, looking at the United States and Canada from the sky and where the light is. And you can see Quebec is just completely black, but they have this massive electrical blackout and it's becomes. [00:48:57] Of this solar storm. Now they, these storms that I said are quite directional, depending on where it hits and when it hits things can get very, very bad. This particular storm back in 1989 was so strong. We got to see their Rora Borealis, the Northern lights as far south, as Florida and cue. Isn't that something, when we go back further in time to this Carrington event that I mentioned, you could see the Northern lights at the equals. [00:49:35] Absolutely amazing. Now the problem with all of this is we've never really had an internet up online. Like we have today when we had one of the storms hit. And guess what we're about to go into right now, we're going into an area or a time where the sun's going to be more active, certainly on this, this 11 year cycle and possibly another bigger cycle too, that we don't really know much about. [00:50:07] But when this hit us back in the 1850s, what we saw was a, uh, a. Telegraph system that was brought to its knees. Our telegraphs were burned out. Some of the Telegraph buildings were lit. They caught on fire because of the charges coming in, people who were working the telegraphs, who are near them at the time, got electric shocks or worse than that. [00:50:34] Okay. 1859 massive Carrington event compass needles were swinging wildly. The Aurora Borealis was visible in Columbia. It's just amazing. So that was a severe storm. A moderate severity storm was the one that hit in Quebec here, knocked out Quebec, uh, electric. Nine hour blackout on Northeast Canada. What we think would happen if we had another Carrington event, something that happened to 150 years ago is that we would lose power on a massive scale. [00:51:13] So that's one thing that would happen. And these massive transformers that would likely get burned out are only made in China and they're made on demand. Nobody has an inventory. So it would be at least six months before most of the country would get power back. Can you believe that that would be just terrible and we would also lose internet connectivity. [00:51:39] In fact, the thinking that we could lose internet connectivity with something much less than a severe storm, maybe if the Quebec power grid solar, a massive objection here. Maybe if that had happened, when. The internet was up. They might have burned out internet in the area and maybe further. So what we're worried about is if it hits us, we're going to lose power. [00:52:07] We're going to lose transformers on the transmission lines and other places we're going to lose satellites and that's going to affect our GPS communication. We're going to lose radio communication, and even the undersea cables, even though they're now no longer. Regular copper cables. It's now being carried of course, by light in pieces of glass. [00:52:32] The, those cables need to have repeaters about every 15 miles or so under underwater. So the power is provided by. Copper cables or maybe some other sort of power. So these undersea cables, they're only grounded at extensive intervals, like hundreds or thousands of kilometers apart. So there's going to be a lot of vulnerable components. [00:52:59] This is all a major problem. We don't know when the next massive. Solar storm is going to happen. These coronal mass ejections. We do know they do happen from time to time. And we do know it's the luck of the draw and we are starting to enter another solar cycle. So be prepared, everything. Of course, you're listening to Craig Peterson, cybersecurity strategist. [00:53:28] If you'd like to find out more and what you can do, just visit Craig peterson.com and subscribe to my weekly show notes. [00:53:39] Google's got a new admission and Forbes magazine has an article by Zach Dorfman about it. And he's saying you should delete Google Chrome now after Google's newest tracking admission. So here we go. [00:53:55] Google's web browser. Right? It's been the thing for people to use Google Chrome for many years, it's been the fastest. Yeah, not always people kind of leapfrog it every once in a while, but it has become quite a standard. Initially Microsoft is trying to be the standard with their terrible browser and yeah, I to Exploder, which was really, really bad and they have finally completely and totally shot it in the head. [00:54:29] Good move there on their part. In fact, they even got rid of their own browser, Microsoft edge. They shot that one in. They had to, I know I can hear you right now saying, oh, Craig, I don't know. I just use edge browser earlier today. Yeah. But guess what? It isn't edge browser. It's actually Google Chrome. The Microsoft has rebranded. [00:54:52] You see the guts to Google Chrome are available as what's called an open source project. It's called chromium. And that allows you to take it and then build whatever you want on top of. No, that's really great. And by the way, Apple's web kit, Kat is another thing that many people build browsers on top of and is part of many of these browsers we're talking about right now, the biggest problem with the Google Chrome. [00:55:22] Is they released it so they could track you, how does Google make its money? Well, it makes us money through selling advertising primarily. And how does it sell advertising if it doesn't know much or anything about you? So they came out with the Google Chrome browser is kind of a standard browser, which is a great. [00:55:43] Because Microsoft, of course, is very well known for not bothering to follow standards and say what they have is the actual standard and ignoring everybody else. Yeah. Yeah. I'm picking on Microsoft. They definitely deserve it. Well, there is what is being called here in Forbes magazine, a shocking new tracking admission from. [00:56:05] One that has not yet made headlines. And there are about what 2.6 billion users of Google's Chrome worldwide. And this is probably going to surprise you and it's frankly, Pretty nasty and it's, I think a genuine reason to stop using it. Now, as you probably know, I have stopped using Chrome almost entirely. [00:56:31] I use it when I have to train people on Chrome. I use it when I'm testing software. There's a number of times I use it, but I don't use. The reality is the Chrome is an absolute terror. When it comes to privacy and security, it has fallen way behind its rivals in doing that. If you have an iPhone or an iPad or a Mac, and you're using safari, apple has gone a long ways to help secure your. [00:57:09] Well, that's not true with Chrome. In fact, it's not protecting you from tracking and Dave up data harvesting. And what Google has done is they've said, okay, well, we're going to get these nasty third party cookies out of the whole equation. We're not going to do that anymore. And what they were planning on doing is instead of knowing everything specifically. [00:57:34] You they'd be able to put you in a bucket. So they'd say, okay, well you are a 40 year old female and you are like driving fast cars and you have some kids with a grandkid on the way, and you like dogs, not cats, right? So that's a bucket of people that may be a few hundred or maybe up to a thousand. As opposed to right now where they can tell everything about you. [00:58:04] And so they were selling that as a real advantage because they're not tracking you individually anymore. No, we're putting you in a bucket. Well, it's the same thing. Right. And in fact, it's easier for Google to put you in a bucket then to track everything about you and try and make assumptions. And it's easier for people who are trying to buy ads to place in front of you. [00:58:28] It's easier for them to not have to kind of reverse engineer all of the data the Google has gathered in instead of. To send this ad to people that are in this bucket and then that bucket. Okay. It makes sense to you, but I, as it turns out here, Google has even postponed of that. All right. They really have, they're the Google's kind of hiding. [00:58:54] It's really what's going on out there. Uh, they are trying to figure out what they should do, why they should do it, how they should do it, but it's, it's going to be a problem. This is a bad habit. The Google has to break and just like any, anybody that's been addicted to something it's going to take a long time. [00:59:16] They're going to go through some serious jitters. So Firefox is one of the alternatives and to Google Chrome. And it's actually a very good one. It is a browser that I use. I don't agree with some of the stuff that Mozilla and Firefox does, but again, right. Nobody agrees on everything. Here's a quote from them. [00:59:38] Ubiquitous surveillance harms individually. And society Chrome is the only major browser that does not offer meaningful protection against cross cross site tracking and Chrome will continue to leave users unprotected. And then it goes on here because. Uh, Google response to that. And they admit that this massive web tracking out of hand and it's resulted in, this is a quote from Google and erosion of trust, where 72% of people feel that almost all of what they do online is being. [01:00:19] By advertisers, technology firms or others, 81% say the potential risks from data collection outweigh the benefit by the way, the people are wrong. 72% that feel almost all of what they do on online is being tracked. No, no. The answer is 100% of what you do is probably being tracked in some way online. [01:00:41] Even these VPN servers and systems that say that they don't do log. Do track you take a look at proton mail just last week. Proton mail it's in Switzerland. Their servers are in Switzerland. A whole claim to fame is, Hey, it's all encrypted. We keep it safe. We don't do logging. We don't do tracking, uh, guess what they handed over the IP addresses of some of the users to a foreign government. [01:01:10] So how can you do that? If you're not logging, if you're not tracking. Yeah, right. They are. And the same thing is true for every paid VPN service I can think of. Right. So how can Google openly admit that their tracking is in place tracking everything they can, and also admit that it's undermining our privacy and. [01:01:38] Their flagship browser is totally into it. Right? Well, it's really, it's gotta be the money. And Google does not have a plan B this anonymized tracking thing that they've been talking about, you know, the buckets that I mentioned, isn't realistic, frankly. Uh, Google's privacy sandbox is supposed to Fitbit fix it. [01:02:00] I should say. The, the whole idea and the way it's being implemented and the way they've talked about it, the advertisers on happy. So Google's not happy. The users are unhappy. So there you go. That's the bottom line here from the Forbes article by Zach Dorfman, delete Google Chrome. And I said that for a long time, I do use some others. [01:02:27] I do use Firefox and I use. Which is a fast web browser, that some pretty good shape. Hey, if you sign up for my show's weekly newsletter, not only will you get all of my weekly tips that I send to the radio hosts, but you will get some of my special reports that go into detail on things like which browser you shouldn't be using. [01:02:52] Sign up right now. Craig peterson.com. [01:02:57] Many businesses have gone to the cloud, but the cloud is just another word for someone else's computer. And many of the benefits of the cloud just haven't materialized. A lot of businesses have pulled back and are building data centers again. [01:03:14] The reason I mentioned this thing about Microsoft again, and the cloud is Microsoft has a cloud offering. [01:03:23] It's called Microsoft Azure. Many people, many businesses use it. We have used it with some of our clients in the past. Now we have some special software that sits in front of it that helps to secure. And we do the same thing for Amazon web services. I think it's important to do that. And we also use IBM's cloud services, but Microsoft is been pitching for a long time. [01:03:51] Come use our cloud services and we're expecting here probably within the next month, a big announcement from Microsoft. They're planning on making it so that you can have your desktop reside in Microsoft's cloud, in the Azure cloud. And they're selling really the feature of it doesn't matter where you are. [01:04:17] You have your desktop and it doesn't matter what kind of computer you're on. As long as you can connect to your desktop, using some just reasonable software, you will be able to be just like you're in front of a computer. So if you have a Chromebook or a Mac, Or a windows or tablet, whatever, and you're at the grocery store or the coffee shop or the office, you'll be able to get it, everything, all of your programs, all your files. [01:04:47] And we, Microsoft will keep the operating system up to date for you automatically a lot of great selling points. And we're actually looking into that. Not too heavily yet. We'll give them a year before we really delve into it at all. Cause it takes them a while to get things right. And Microsoft has always been one that adds all kinds of features, but most of the time, most of them don't work and we can, we can document that pretty easily, even in things like Microsoft. [01:05:18] Well, the verge is now reporting that Microsoft has warned users of its as your cloud computing service, that their data has been exposed online for the last two years. Yeah, let me repeat that in case you missed it, you, uh, yeah. I'm I'm I might've misspoken. Right. Uh, let me see, what does it say? It says, um, users of Azure cloud competing service. [01:05:48] So that's their cloud. Microsoft's big cloud. Okay. Um, their data has been. Exposed online. Okay. So that means that people could get the data, maybe manipulate the data that sort of exposed means for the last two years. Are you kidding me? Microsoft is again, the verge. Microsoft recently revealed that an error in its Azure cosmos database product left more than 3,300 as your customers data. [01:06:24] Completely exposed. Okay guys. So this, this, this is not a big thing, right? It can't possibly be big thing because you know who uses Azure, right. Nobody uses a zer and nobody uses hosted databases. Come on, give me a break. Let me see, what else does this have to say? Oh, okay. It says that the vulnerability was reported, reportedly introduced into Microsoft systems in 2019, when the company added a data visualization feature called Jupiter notebook to cosmos DB. [01:06:59] Okay. Well, I'm actually familiar with that one and let's see what small companies let's see here. Um, some Azure cosmos DB clients include Coca Cola. Liberty mutual insurance, Exxon mobile Walgreens. Hmm. Let me see. Could any of these people like maybe, maybe Liberty mutual insurance and Walgreens, maybe they'd have information about us, right. [01:07:26] About our health and social security numbers and account numbers and credit cards. Names addresses. Right, right. That's again, why I got so upset when these places absolutely insist on taking my social security number, right? It, it, first of all, when it was put in place, the federal government guaranteed, it would never be used for anything other than social security. [01:07:53] And the law even said it could not be used for anything other than social security. And then the government started expanding it. Right. And the IRS started using it. To track all of our income and you know, that's one thing right there, the government computers, they gotta be secure. Right. All of these breaches we hear about that. [01:08:12] Can't be true. Uh, so how about when the insurance company wants your personal information? Like your social security number? What business is it of? There's really no. Why do they have to have my social security number? It's a social security number. It's not some number that's tattooed on my forehead. [01:08:36] That's being used to track me. Is it this isn't a socialist country like China is, or the Soviet union was right. It's not socially. So why are they tracking us like that? Walgreens? Why do they need some of that information? Why does the doctor that you go to that made the prescription for Walgreens? Why do they need that information? [01:09:00] And I've been all over this because they don't. Really need it. They want, it makes their life easier, but they don't really need it. However, it exposes us. Now, if you missed the email, I sent out a week ago, two weeks ago now, I guess. You missed something big because I, in my weekly newsletter went through and described exactly what you could do in order to keep your information private. [01:09:35] So in those cases where websites asking for information that they don't really need, right? You don't want to lie, but if they don't really need your real name, why you're giving them your real name? Why do you use a single email address? Why don't you have multiple addresses? Does that start make sense to you guys? [01:09:54] And now we find out that Microsoft Azure, their cloud services, where they're selling cloud services, including a database that can be used online, a big database, uh, 3,300 customers looks like some of them are actually kind of big. I don't know. ExxonMobil pretty big. Yeah. I think so. Walgreens, you think that that might be yeah, yeah, yeah, yeah. [01:10:22] Y. Why are we trusting these companies? You know it, if you have a lot of data, a lot of customers, you are going to be a major target of nation states to hack you and bat just general hackers, bad guys. But you're also, if, if you've got all this information, you've also got to have a much higher level of security than somebody that doesn't have all of that information. [01:10:52] Does that make sense too? Did I say that right? You don't need the information and, and I've got to warn anybody that's in a business, whether you're a business owner or you're an employee, do not keep more data than you need the new absolutely need to run your company. And that includes data about your customers. [01:11:16] And maybe, maybe it's even more specifically data about your customer. Because what can happen is that data can be stolen and we just found. That? Yes, indeed. It could have been, it was exposed Microsoft the same. We don't know how much it was stolen. If anything was stolen. Um, yeah, Walgreens. Hey, I wonder if anyone's going to try and get some pain pills illegally through, uh, this database hack or a vulnerability anyways. [01:11:47] All right, everyone. Stick around. We'll be back. Of course, you listening to Craig Peterson. I am a cybersecurity strategist for business, and I'm here to help you as well. You can ask any question any time, uh, consumers are the people I help the most, you know, I wish I got a dime for every time I answered a question. [01:12:09] Just email me@craigpeterson.com me@craigpeterson.com and stick around. [01:12:18] Whether or not, you agree with the lockdown orders that were put in place over this COVID pandemic that we had. Uh, there are some other parts of the world that are doing a lot more. [01:12:34] Australia has, I don't know. I think that they went over the deep end. The much, the same thing is true right next door to them. [01:12:45] And I am looking at a report of what they are doing with this new app. Uh, you might be aware that both apple and Google came out with an application programming interface. That could be used for contract tack tracking, contact tracking. There you go. Uh, it wasn't terribly successful. Some states put some things in place. [01:13:13] Of course you get countries like China. I love the idea because heaven forbid you get people getting together to talk about a Tannen square remembrance. Now you want to know who all of those people were, who were in close proximity, right? So, you know, good for China a while, as it turns out, Australia is putting something in place they have yet another COVID lockdown. [01:13:39] They have COVID quarantine orders. Now I think if you are sick, you should stay on. I've always felt that I, you know, I had 50 employees at one point and I would say, Hey, if you're sick, just stay home. Never required a doctor's note or any of that other silliness, come on. People. If someone's sick, they're sick and let them stay home. [01:14:04] You don't want to get everybody else in the office, sick and spread things around. Right. Doesn't that just kind of make sense. Well, they now in Australia, don't trust people to stay home, to get moving. Remember China, they were, they were taking welders and we're going into apartments in anybody that tested positive. [01:14:22] They were welding them into their apartment for minimum of two weeks. And so hopefully they had food in there and they had a way to get fresh water. Australia is not going quite that far, but some of the states down under. Using facial recognition and geolocation in order to enforce quarantine orders and Canada. [01:14:47] One of the things they've been doing for very long time is if you come into the country from out of the country, even if you're a Canadian citizen, you have to quarantine and they'll send people by your house or you have to pay to stay for 10 days in a quarantine hope. So you're paying the course now inflated prices for the hotel, because they're a special quarantine hotel. [01:15:14] You have to pay inflated prices to have food delivered outside your door. And that you're stuck there for the 10 days, or if you're at home though, they, you know, you're stuck there and they'll send people by to check up on you. They'll make phone calls to check up on you and. They have pretty hefty find. [01:15:36] Well, what Australia has decided to do is in Australia is Charlene's even going from one state to another state are required to prove that they're obeying a 14 day quarantine. And what they have to do is have this little app on their phone and they, the app will ping them saying, prove it. And then they have to take a photo of themselves with geo location tag on it and send it up via the app to prove their location. [01:16:15] And they have to do all of that within 15 minutes of getting the notification. Now the premier of the state of south Australia, Steven Marshall said we don't tell them how often or when on a random basis, they have to reply within 15 minutes. And if you don't then a police, officer's going to show up at the address you're supposed to be at to conduct an in-person check. [01:16:43] Very very intrusive. Okay. Here's another one. This is a, an unnamed government spokesperson who was apparently speaking with Fox news quote. The home quarantine app is for a selected cohort of returning self Australians who have applied to be part of a trial. If successful, it will help safely ease the burden of travel restrictions associated with the pandemic. [01:17:10] So there you go. People nothing to worry about. It's just a trial. Uh, it will go away. Uh, just like, uh, for instance, income tax, as soon as rule, number one is over, it will be removed and it will never be more than 3% and it will only apply to the top 1% of wage-earners. So there you go. Right. And we all know that world war one isn't over yet. [01:17:34] Right. So that's why they still have it in somehow. Yeah, some of the middle class pays the most income tax. I don't know. Interesting. Interesting. So there you go. Little news from down under, we'll see if that ends up happening up here. News from China, China has, uh, China and Russia have some interesting things going on. [01:17:55] First of all, Russia is no longer saw. Country, they kind of are. They kind of aren't, they are a lot freer in many ways than we are here in the United States. Of course, China, very heavily socialist. In fact, they're so socialists, they are communist and China. And Russia both want their kids to have a very good education in science, engineering, and mathematics. [01:18:23] Not so much on history, not so much on, on politics. Right. But definitely heavy on the, on the sciences, which I can see that makes all the sense. I think everybody should be pretty heavily on the science. Well, according to the wall street journal this week, gamers under the age of 18 will not be allowed to play online games between 8:00 PM and 9:00 PM on Friday, Saturdays and Sundays. [01:1
CIA Director Mike Pompeo back in April 2017 depicted Wikileaks as a grave threat to American national security. He also called it a Non-State Hostile Intelligence Service was a grabby rhetorical talking point However, with some exclusive reporting from the Yahoo News Team - Zach Dorfman, Sean Naylor, & Michael Isikoff - Pompeo's branding opened the door for the CIA to plan all sorts of extreme measures to dismantle the organization. Including a snatch operation to kidnap the group's leader Julian Assange, then holed up in the Ecuadorian Embassy in London, and possibly to even assassinate him.This and so much more uncovered including a plan for a gun battle on the streets of London. Zach Dorfman joins to break it all down.GUEST:Zach Dorfman (@zachsdorfman), National Security Correspondent @yahoonews, Former Senior Staff Writer @aspencyberHOSTS:Michael Isikoff (@Isikoff), Chief Investigative Correspondent, Yahoo NewsDaniel Klaidman (@dklaidman), Editor in Chief, Yahoo NewsVictoria Bassetti (@VBass), fellow, Brennan Center for Justice (contributing co-host) RESOURCES:Yahoo News Article Inside the CIA's secret war plans against Wikileaks - Here.Follow us on Twitter: @SkullduggeryPodListen and subscribe to "Skullduggery" on Apple Podcasts, Spotify, Google Podcasts or wherever you get your podcasts.Email us with feedback, questions or tips: SkullduggeryPod@yahoo.com. See acast.com/privacy for privacy and opt-out information.
Do You Know How to Identify a Fake Web Page? The FBI's reporting that more than 70% of all business hacks are because of our employees. They're clicking on emails, they're going to websites, what can we do? How do we know if a website is legitimate or not? [Automated transcript] [00:00:19] There's a great little article that McAfee published now, McAfee is a company that's been in the cybersecurity business for quite a while. [00:00:28] I do not use their products. I use some competing products. I have not been impressed with their products. [00:00:35] Let me tell you this particular web post that they put up is fantastic and you'll see it in my newsletter this week. Make sure you get that. [00:00:45] Have you ever come across a website that didn't look quite right if you haven't, you haven't been on the internet very much because whether you're an individual at home or you are in a business environment, we are likely going to end up on websites that are not legitimate. Sometimes we'll see these things, that company logo might be wrong. There's not enough information on the page. You've been there before and this looks down page. The odds are that you were on a hack site, a site that's trying to get you to do something most of the time when you end up on these sites, they're trying to get you to put in your username and password. [00:01:31] Already that the bad guys have stolen your username and password from so many websites out there. So why would they try and do it this way? It's because if they're pretending to be your bank and you try and log in, They know this as your bank account, and many times they immediately try and get into your bank account or your phone account, whatever it might be. [00:01:56] This is a very long-standing tactic that's relied on by hackers everywhere. Usually it's a knockoff of a real page. They'll take it and they will recreate it. Then it's easy to do if you're in a web browser right now, when you go to your bank's website. You can just go to file, save as, and go ahead and save the entire webpage and you'll get everything. [00:02:23] You'll get all of the links that are on there. All of the graphics that are there, it'll pull it in for you all automatically. And that's all they do. That's what they use. Just a copy. How do they get in front of you in the first place? Typically the hackers will go ahead and send a phishing email. [00:02:43] They'll make the email sound legitimate. They'll make it look legitimate. They'll often even use a URL that looks a lot like it. B the real banks email. I've seen it before where the URL is bank of america.safe site.com. That sort of a thing. I'm not blaming safe site. They could be a great company. [00:03:04] I don't know. I just made it up as we're going, but that type of a URL where it's not really bank of america.com or it's a misspelling of bank of America, that's the sort of thing that gets to be pretty darn common and. Clicking on that link and then submitting your information. It hasn't been leading to credit card fraud, data extraction, wire transfers, identity theft, and a whole lot more. [00:03:34] Now with the COVID relief, that's been out there. All of these things from filing for unemployment claims through filing for PPP protection as a business, the whole. Industry has changed. I'm talking about the hacker industry here, because there are so many people who are falling for these scams and ransomware as well has gone up over 300%. [00:04:08] It's just absolutely amazing. Now, if you go online and you duck, duck, go. Fake login pages. And for those of you who don't know what I mean by that duck go is the search engine I've been recommending lately. It is a search engine that doesn't take politics into play like Google does. And it also does not track you. [00:04:31] And what you're looking at it is ad based. It gets its revenue from advertisement, but it's not selling your information just on the basic search. That you're doing. I think it's a very good alternative, but if you go ahead and your search for fake login pages, you're going to find thousands of guides on how to create websites. [00:04:53] And these bad guys can create these websites in absolutely no time at all. It just a minute or two in order to make one of them. Now it can be difficult nowadays to figure out if it's a fake site, because the, again, the hackers are constantly updating their techniques to be more sophisticated. So it's made it more difficult for consumers to really recognize when something's fraudulent. [00:05:22] Now I want to get it into a psychological term. In attentional, blindness. You've probably heard of this. I remember this from, I think it was college days for me, so a very long time ago, but there's a study that was done on inattentional blindness called the invisible gorilla test. If you go right now online and just search for invisible gorilla test, you'll see a bunch of these coming. [00:05:52] No, there's even a book called that the invisible gorilla test that came out about 11 years ago, 12 years ago, I think. But here's the bottom line on this? They tell you to do something in this study. What they did here is there's a video. People there's six people, three of them are dressed with white shirts and three of them have black shirts and they're passing basketballs back and forth. [00:06:20] The white shirts are only passing to the white shirts and the black shirts under the black shirts. And what they ask you to do is count the number of times the team in white past. Now, you're sitting there watching, knowing they're going to try and fool you, you're paying a whole lot of attention to it. [00:06:40] And then at the end, they ask you a question that may be not expecting the video. I just watched on this, that was called the monkey business. Illusion is the name of this. I counted and I counted carefully and I came up with 16 passes. So the monkey business, illusion, 16 times the people in the white shirts passed the basketball back and forth. [00:07:06] So I got that. But then they said did you notice the person in the gorilla costs? Who walked through the game. He didn't just walk through the game, walked in, beat on this chest and then walked out of the game. If you didn't know about this and okay. In chorus, all honesty, I always try and put everything upfront here. [00:07:29] I knew about it beforehand. I remember from college days. But eight, most people actually about 50% of people who did not know, there is a gorilla in the middle of this. Would not have noticed the gorilla walking through the game, but this monkey business illusion video, there's something else too. [00:07:52] And I've got to admit, I did not notice that. And that is the curtain color change. From red to gold, this curtain that was in the background of all of these players. And I didn't notice one other thing. I'm not going to tell you what that is. You'll have to watch the video of yourself too, to figure that out again, just go online and search for the monkey business illusion. [00:08:19] And I think you'll find it. So the reason I brought this up is because if you come across a well forged login page and you're not actively looking for signs of fraud, you're fairly likely to miss a cybercriminals gorilla. You're likely to miss that the logo's not quite right, or the placement isn't the same as I'm used to. [00:08:45] Because you're focused in, on doing what you're supposed to be doing. It's the whole concept as well of have tunnel vision. And I'm sure you're aware of that. We've all had that before, where we're really focused on this one little thing and we don't notice everything else going on. It particularly happens in high stress times. [00:09:08] So how do you steer clear of the fake login pages? We're going to talk about that when we get. But it's absolutely crucial for everyone, even if you've had phishing training and you are trying to be cautious, you could fall for this invisible gorilla and enter in your personal details, not something that you really want. [00:09:36] Hopefully you guys got my newsletter last weekend. I got a lot of comments on it. People are saving. In fact, that's the first thing I said in this email last week is don't lose this because it went through point by point on about 10 different things that you should be doing too. Yourself and your business safe during the holidays. [00:10:03] Now, of course we had labor day coming up. We're going to have more holidays, right? There's always more holidays in the future and less it's after the first of the year, then you got to wait a long time. Make sure you get it, make sure you dig it out. If he didn't notice it just search for me@craigpeterson.com. [00:10:23] That's where the email comes from and have a look at that. I have links on how to do all of those things. It's very important. FBI warning out just last week. [00:10:33] I just told you about one of the biggest problems we are facing right now, when it comes to hackers and then has to do with fishing and going to fake login pages. Now I'm going to tell you exactly what to do. [00:10:47] How do you steer clear of these fake log-in pages and how do you protect yourself in case you accidentally do provide the bad guys with the information that you shouldn't have? [00:11:01] If they've got your email address or your login name and they have your password, it's pretty easy for them to log in. In most cases right into your bank account. So first of all, don't fall for phishing, but as we just described because of this whole inattentional blindness that we have, it's easy enough to fall, pray for this. [00:11:28] Beat yourself up too bad if you followed, if you fell for some of that stuff, but there is a great little website the Google has that you might want to check out. And that website gives you a real quick quiz, is the best way to. And it shows you some emails and you get to determine whether or not you think it's fishing and then it tells you what the reality of it is. [00:11:59] So go to fishing quiz. Dot with google.com. If you miss that, you can always email me M e@craigpeterson.com and I'll send it off to, but phishing quiz dot with google.com. And of course, phishing is spelled P H I S H I N G fishing. Dot with google.com. So you can go there and right there on the screen, it says, take the quiz. [00:12:30] You can hit it and make up a name and an email address. So it doesn't have to be your real name or your real email address. Okay. It's not going to send you anything. It's not going to sign you up for stuff. It just wants to use it in. Phishing email examples. That's going to give you, so I put in a fake name and a fake email address and it is showing me an email. [00:13:00] So to me, from a Luke, John. And it says Luke Johnson shared a link to the following document, Tony 21 budget department dot doc. So if I click on that, I have now told them, Hey, I'm open to all that sort of stuff. It's so anyways, it's got the link and it's got the opening docs and you now up above say, is this phishing or is it. [00:13:27] Legitimate. Okay. So if we say fishing that says, correct, this is a phishing email. You might have spotted the look alike, you are out. And that is indeed exactly what it is cause it it wasn't legitimate. And remember when you mouse over a link, you can see down at the bottom. The URL that is going to open up for you. [00:13:51] So you can just go through this at your own speed at your own pace and figure it out again. If you didn't get that, you can always email me M E ed Craig peterson.com. And I'll be glad to get back to you. So that's a good way to learn about fishing. I want to con really warn, I should say businesses. If you are sending out phishing emails to your employees to see if they are opening fake phishing emails or not. [00:14:23] That's an okay. Practice. The problems really come in with the companies that are sending out phishing emails and are then following up in such a way that employee is punished in some places they are being punished by if you've opened three fake emails over the last year or whatever it might be. [00:14:47] But over the last year, you're. It's that bad. So we have to be careful. You're not going to increase the confidence of your employees by doing that. And what's, you're actually going to end up doing is slowing down the productivity of your employees. Because now they're going to be really worried about opening, any emails that look like they might be legitimate. [00:15:14] And so your business is going to slow right down. So having some more training about it. Okay. I can see that everyone makes mistakes and we've got to remember that as well, but watch free, man. But we really are trying to get you to move quickly, act fast, or I need this answer right away. Or one of the big ones is we've got this vendor and in fact, I'll, let me give you a real world example. [00:15:41] It's a manufacturing company and of course they. To buy product from vendors, as supplier. And then they use that product or whether it's copper or whatever it might be now to put it all together to make their products. And this one person, this one, hacker a lady again in Eastern Europe, she went and found out about this company. [00:16:08] Okay, great. Found on their website, who the CEO was, who the CFO was. Okay, great. And was able to find the CEO online on Facebook and on his Facebook account, he said, yeah, we're going to The Bahamas. Rear-ending a sailboat. We're going to be out there, the whole family for two weeks. This is going to be fantastic disconnected. [00:16:37] So she found all of that. Now what she had to do was she found out who it was. The CEO, what school he went to. So first she had to get around the restrictions. Cause he had said, don't share my posts with anyone other than friend. So she sent him a message because she found his LinkedIn profile. You see how easy this is to do. [00:16:59] She found his LinkedIn profile and that he went to Harvard and got his MBA. So she sent him. A little note saying, Hey, remember me Janie from X, Y, Z class at Harvard, and want to be friends catch up a little bit. And then he doesn't remember who she is, but the picture looks cute enough. I might as well say yes. [00:17:21] And now she had his contact information over on LinkedIn, send him a friend request over on Facebook as well. That's how she found out he was going to be gone for two weeks. And so now she knows when he's gone. And where he's going to be completely out of touch. So once he's gone about two or three days later, she sent an email off to the CFO inside the company and said, Hey. [00:17:49] We've got this new vendor they've been providing us with product for the last three months. We haven't paid them at all yet. I need you to wire. It was a little more than $40 million because she'd done her homework. She knew how much money the company made, what their expenses probably were. I need you to wire $40 million to this account, or they're going to stop. [00:18:17] All shipments to us. And instead of the CFO doing a little bit more homework into it and digging in and finding out because talking to the people in receiving that we've never received anything from that company. I don't know what you're talking about. And then talking with the guy on the manufacturing floor, the CFO didn't do any of that, just okay. This looks legit. And by the way, it is so easy for these hackers to also gain access to personal email accounts. And we're not going to spend time going into that right now. So he wired. Yes indeed. So there's an example of falling for fishing. A little bit of follow up on the part of the CFO would have shown him that this was not legitimate. [00:19:07] Even over on Shark Tank. Barbara Cochran. She fell prey to this, actually it was her assistant and who wired some $400,000 to a vendor that wasn't real. Now the good news is the assistant copied Barbara who saw the email right away and said, whoa, wait a minute. They called the bank and they put a stop on it.. [00:19:34] Doing a little training here on how to spot fake log-in pages. We just covered fishing and some real world examples of it, of some free quiz stuff that you can use to help with it. And now we're moving on to the next step. [00:19:50] The next thing to look for when it comes to the emails and these fake login pages is a spelling mistake or grammatical errors. [00:20:02] Most of the time, these emails that we get that are faking emails are, have really poor grammar in them. Many times, of course the commas are in the wrong place, et cetera, et cetera. But most of us weren't English majors. So we're not going to pick that up myself included. That's why I use Grammarly. [00:20:21] If you have to ever write anything or which includes anything from an email or a document you probably want to get Grammarly. There's a few out there, but that's the one I liked the best for making sure my grammar. So a tip, to the hackers out there, but the hackers will often use a URL that is very close to it. [00:20:45] Where are you want to go? So they might put a zero in place of an O in the domain, or they might make up some other domain. So it might be amazon-aws.com or a TD bank-account.com. Something like that. Sometimes the registrars they'll catch that sort of thing and kill it. Sometimes the business that they are trying to fake will catch it and let them know as well. [00:21:19] There's companies out there that watch for that sort of thing. But many times it takes a while and it's only fixed once enough people have reported it. So look at the URL. Make sure it's legitimate. I always advise that instead of clicking on the link in the email, try and go directly to the website. [00:21:41] It's like the old days you got a phone call and somebody saying, yo, I'm from the bank and I need your name and social security numbers. So I can validate the someone broke into your account. No, they don't. They don't just call you up like that nowadays. They'll send you a message in their app. [00:21:56] That's on your smart. But they're not going to call you. And the advice I've always given is look up their phone. And by the way, do it in the phone book, they remember those and then call them back. That's the safest way to do that sort of thing. And that's true for emails as well. If it's supposedly your bank and it's reporting something like someone has broken into your account, which is a pretty common technique for these fissures, these hackers that are out there, just type in the bank URL as it not what's in the email. [00:22:33] There will be a message there for you if it's legitimate, always. Okay. So before you click on any website, Email links, just try and go directly to the website. Now, if it's one of these deep links where it's taking new Jew, something specific within the site, the next trick you can play is to just mouse over the link. [00:22:58] So bring your mouse down to where the link is. And typically what'll happen is at the bottom left. Your screen or of the window. It'll give you the actual link. Now, if you look at some of them, for instance, the emails that I send out, I don't like to bother people. So if you have an open one of my emails in a while, I'll just automatically say, Hey, I have opened them in awhile, and then I will drop you off the list. [00:23:28] Plus if you hit reply to one of my newsletters, my show notes, newsletters. That's just fine, but it's not going to go to me@craigpeterson.com and some people you listeners being the best and brightest have noticed that what happens is it comes up and it's some really weird URL that's so I can track. [00:23:51] Who responded to me. And that way I can just sit down and say, okay, now let me go through who has responded? And I've got a, kind of a customer relationship management system that lets me keep track of all of that stuff so that I know that you responded. I know you're interacting, so I know I'm not bothering you. [00:24:11] And I know I need to respond. Much the same thing is true with some of these links. When I have a link in my newsletter and I say, Hey, I'm linking to MIT's article. It is not going to be an MIT. Because again, I want to know what are you guys interested in? So anytime you click on a link, I'll know, and I need to know that, so I know why, Hey, wait a minute. [00:24:36] Now, 50% of all of the people that opened the emails are interested in identifying fake login pages. So what do I do? I do something like I'm doing right now. I go into depth on fake logs. Pages. I wouldn't have known that if I wasn't able to track it. So just because the link doesn't absolutely look legit doesn't mean it isn't legit, but then again, if it's a bank of it involves financial transactions or some of these other things be more cautious. [00:25:11] So double check for misspellings or grammatical errors. Next thing to do is to check the certificate, the security certificate on the site. You're on this gets a little bit confusing. If you go to a website, you might notice up in the URL bar, the bar that has the universal resource locator, that's part of the internet. [00:25:38] You might've noticed a. And people might've told you do check for the lock. That lock does not mean that you are safe. All it means is there is a secure VPN from your computer to the computer on the other side. So if it's a hacker on the other side, you're sending your data securely to the hacker, right? [00:26:05] That's not really going to do you a whole lot of good. This is probably one of the least understood things in the whole computer security side, that connect. May be secure, but is this really who you think it is? So what you need to do is click on their certificate and the certificate will tell you more detail. [00:26:29] So double check their certificate and make sure it is for the site. You really. To go to, so when it's a bank site, it's going to say, the bank is going to have the bank information on it. That makes sense. But if you go for instance on now, I'm going to throw a monkey wrench into this whole thing. [00:26:48] If you go to Craig peterson.com, for instance, it's going to. Connection is secure. The certificate is valid, but if you look at their certificate and the trust in the details, it's going to be issued by some company, but it's going to just say Craig peterson.com. It's not going to give a business name like it would probably do for a bank. [00:27:14] So you know, a little bit of a twist to it, but that's an important thing. Don't just count on the lock, make sure that the certificate is for the place you want to contact. Last, but not least is multi-factor authentication. I can't say this enough. If the bad guys have your username or email address and your password for a site, if you're using multifactor authentication, they cannot get in. [00:27:53] So it's going to prevent credential stuffing tactics, or they'll use your email and password combinations that have already been stolen for mothers sites to try and hack in to your online profile. So very important to set up and I advise against using two factor authentication with your, just a cell phone, as in a text message SMS, it is not secure and it's being hacked all of the time. [00:28:23] Get an authorization. Like one password, for instance, and you shouldn't be using one password anyways, for all of your passwords. And then Google has a free one called Google authenticator. Use those instead of your phone number for authentication. [00:28:40] You're listening to Craig Peterson, cybersecurity strategist, and online@craigpeterson.com. [00:28:48] I've been warning about biometric databases. And I sat down with a friend of mine who is an attorney, and he's using this clear thing at the airport. I don't know if you've seen it, but it's a biometric database. What are the real world risks? [00:29:04] This clear company uses biometrics. [00:29:08] It's using your eye. Brent, if you will, it's using your Iris. Every one of us has a pretty darn unique Iris, and they're counting on that and they're using it to let you through TSA very quickly. And this attorney, friend of mine thinks it's the best thing since sliced bread, because he can just. On through, but the problem here is that we're talking about biometrics. [00:29:34] If your password gets stolen, you can change it. If your email account gets hacked, I have another friend who his account got hacked. You can get a new email account. If your Iris scan that's in this biometric database gets stolen. You cannot replace your eyes unless of course you're Tom cruise and you remember that movie, and it's impossible to replace your fingerprints. It's possible to replace your face print. I guess you could, to a degree or another, some fat injections or other things. Could be done to change your face sprint, but these Iris scans fingerprints and facial images are something I try not to provide any. [00:30:29] Apple has done a very good job with the security of their face print, as well as their fingerprint, because they do not send any of that information out directly to themselves or to any database at all. Period. They are stored only on the device itself. And they're in this wonderful little piece of electronics that can not be physically compromised. [00:30:59] And to date has not been electronically compromised either. They've done a very good job. Other vendors on other operating systems like Android, again, not so much, but there are also databases that are being kept out there by the federal government. I mentioned this clear database, which isn't the federal government, it's a private company, but the federal government obviously has its fingers into that thing. [00:31:29] The office of personnel. For the federal government, they had their entire database, at least pretty much the entire database. I think it was 50 million people stolen by the red, Chinese about six years ago. So the communists. Copies of all of the information that the officer personnel management had about people, including background checks and things. [00:31:55] You've probably heard me talk about that before. So having that information in a database is dangerous because it attracts the hackers. It attracts the cybercriminals. They want to get their hands on it. They'll do all kinds of things to try and get their hands. We now have completely quit Afghanistan. [00:32:20] We left in a hurry. We did some incredibly stupid things. I just, I can't believe our president of the United States would do what was done here. And now it's been coming out that president and Biden completely ignored. The advice that he was getting from various military intelligence and other agencies out there and just said, no, we're going to be out of there. [00:32:46] You have to limit your troops to this. And that's what causes them to close the air base battleground that we had for so many years. Apparently the Chinese are talking about taking it over now. Yeah. Isn't that nice. And whereas this wasn't an eternal war, right? We hadn't had anybody die in a year and a half. [00:33:05] It's crazy. We have troops in south Vietnam. We have troops in Germany. We have troops in countries all over the world, Japan, you name it so that we have a local forest that can keep things calm. And we were keeping things calm. It's just mind blowing. But anyhow, politics aside, we left behind a massive database of biometric database. [00:33:38] Of Afghanis that had been helping us over in Afghanistan, as well as a database that was built using us contractors of everyone in the Afghan military and the basically third genealogy. Who their parents were the grandparents blood type weight, height. I'm looking at it right now. All of the records in here, the sex ID nationality. [00:34:11] Date of exploration, hair color, favorite fruit, favorite vegetables, place of birth, uncle's name marker signature approval. Signature date, place of birth. Date of birth address, permanent address national ID number place of ISS. Date of ISS native language salary data salary, group of salary, police of salary education, father's name, graduation, date, weapon and service now. [00:34:41] These were all in place in Afghanistan. We put them in place because we were worried about ghost soldiers. A gold soldier was someone who we were paying the salary of taxpayers of the United States were paying the salaries of the Afghan military for quite some time. And we were thinking that about half of the. [00:35:06] Payroll checks. We were funding. We're actually not going to people who were in the military, but we're going to people who were high up within the Afghan government and military. So we put this in place to get rid of the ghost soldiers. Everybody had to have all of this stuff. In the database, 36 pieces of information, just for police recruitment. [00:35:39] Now this information we left behind and apparently this database is completely in the hand of the Taliban. Absolutely. So we were talking about Americans who helped construct Afghanistan and the military and the telephone. The looking for the networks of their Ponant supporters. This is just absolutely amazing. [00:36:07] So all of the data doesn't have clear use, like who cares about the favorite fruit or vegetable, but the rest of it does the genealogy. Does they now know who was in the police department, who was in the military, who their family is, what their permanent address is. Okay. You see the problem here and the biometrics as well in the biometrics are part of this us system that we were using called hide H I D E. [00:36:41] And this whole hide thing was a biometric reader. The military could keep with them. There were tens of thousands of these things out in the field. And when they had an encounter with someone, they would look up their biometrics, see if they were already in the database and in the database, it would say, yeah, they're friendly, they're an informant. [00:37:03] Or we found them in this area or w we're watching them. We have concern about them, et cetera, et cetera. All of their actions were in. Turns out that this database, which covered about 80% of all Afghans and these devices are now in the hands of the Taliban. Now, the good news with this is that a lot of this information cannot be easily extracted. [00:37:32] So you're not going to get some regular run of the mill Taliban guy to pick one of these up and start using. But the what's happening here is that we can really predict that one of these surrounding companies like Pakistan that has been very cooperative with the Taliban. In fact, they gave refuge to Saddam, not Saddam Hussein, but to a bin Ladin and also Iran and China and Russia. [00:38:04] Any of those countries should be able to get into that database. Okay. So I think that's really important to remember now, a defense department spokesperson quote here, Eric Fay on says the U S has taken prudent actions to ensure that sensitive data does not fall into the Tolo bonds. And this data is not at risk of misuse. [00:38:29] Misuse that's unfortunately about all I can say, but Thomas Johnson, a research professor at the Naval postgraduate school in Monterey, California says not so fast, the taller Bon may have used biometric information in the Coon dues. So instead of taking the data straight from the high devices, he told MIT technology review that it is possible that Tolo bond sympathizers in Kabul, provided them with databases of military personnel, against which they could verify prints. [00:39:07] In other words, even back in 2016, it may have been the databases rather than these high devices themselves pose the greatest risk. This is very concerning big article here in MIT technology review. I'm quoting from it a little bit here, but there are a number of databases. They are biometric. Many of these, they have geological information. [00:39:35] They have information that can be used to round up and track down. Now, I'm not going to mention world war two, and I'm not going to mention what happened with the government too, before Hitler took over, because to do that means you lose that government had registered firearms, that government had registered the civilians and the people and Afghanistan. [00:40:04] The government was also as part of our identification papers, registering your religion. If you're Christian, they're hunting you down. If you were working for the military, they're hunting you down. And this is scary. That's part of the reason I do not want biometric information and databases to be kept here in the U S Hey, make sure you get my show notes every week on time, along with free training, I try to help you guys out. [00:40:41] If you've never heard of the Carrington event, I really hope, frankly, I really do hope we never have to live through one of these. Again, there is a warning out there right now about an internet apocalypse that could happen because of the sun. [00:40:58] Solar storms are something that happens really all of the time. The sun goes through solar cycles. About every seven years, there are longer cycles as well. You might know. I have an advanced class amateur radio license I've had for a long time, and we rely a lot when we're dealing with short wave on the solar cycle. [00:41:22] You see what happens is that the sun charges, the atmosphere. That if you've ever seen the Northern light, that is. Part of the Sunzi missions, hitting our magnetic field and getting sucked into the core of the earth, if you will, as they get caught in that field. And the more charged the atmosphere is, the more bounce you get. [00:41:46] That's what we call it bounce. And the reason us hams have all these different frequencies to use is because of the bow. We can go different frequencies with different distances, I should say, using different frequencies. So think about it right now. You've got the earth and I want to talk from Boston to Chicago. [00:42:08] For instance, I know about how many miles it is, and I have to figure out in the ionosphere up in the higher levels of the atmosphere, what frequency. To use in order to go up into the atmosphere, bounce back, and then hit Chicago. That's the idea. It's not quite as simple or as complex in some ways, as it sounds, a lot of people just try different frequencies and a lot of hams just sit there, waiting for anybody anywhere to talk to, particularly if they are. [00:42:41] It's really quite fun. Now what we're worried about, isn't so much just the regular solar activity. We get worried when the sun spots increase. Now, the solar cycle is what has primary image. On the temperature on earth. So no matter what, you might've heard that isn't your gas, guzzling car or a diesel truck that causes the Earth's temperature to change. [00:43:10] Remember the only constant when it comes to the Earth's temperature has been changed over the millions of years. We had periods where the earth was much warmer than it is now had more common that carbon dioxide in the atmosphere than it does now had less. In fact, right now we are at one of the lowest levels of carbon dioxide in the atmosphere in earth long. [00:43:36] So the sun, if you might remember, comes up in the morning, warms things up, right? And then it cools down. When the sun disappears at nighttime, it has a huge impact. It's almost exclusively the impact for our temperatures. There's other things too, for instance. eruption can spew all to hold a lot of carbon dioxide. [00:44:01] In fact, just one, just Mount St. Helens wanted erupted, put more carbon dioxide into the atmosphere than man has throughout our entire existence. Just to give you an idea, right? So these alarms that are out there, come on, people. Really, and now we're seeing that in this last year, we had a 30% increase in the ice cap up in the, in, up in the north, up in Northern Canada, around the polls. [00:44:32] We also had some of these glaciers growing. It was so funny. I saw an article this year, or excuse me, this week that was showing a sign that was at one of our national parks. And it said this glacier will have disappeared by 2020. Of course it hasn't disappeared. In fact, it has grown now and it's past 2020. [00:44:54] Anyhow, the sun has a huge impact on us in so many ways. And one of the ways is. Something called a coronal mass ejection. This is seriously charged particles. That tend to be very directional. So when it happens, when there's one of these CMS coronal, mass ejections, it's not just sending it out all the way around the sun everywhere. [00:45:21] It's really rather concentrated in one. One particular spot. Now we just missed one not too long ago. And let me see if I can find it here. Just mast, a cm E near miss. Here we go. There a solar super storm in July, 2012, and it was a very close shave that we had most newspapers didn't mention it, but this could have been. [00:45:51] AB absolutely incredible. We'd be picking up the pieces for the next 50 years. Yeah. Five, zero years from this one particular storm. And what happens is these solar flares, if you will, are very extreme, the CME. You're talking about x-rays extreme UV, ultraviolet radiation, reaching the earth at the speed of light ionizes, the upper layers of atmosphere. [00:46:19] When that happens, by the way, it hurts our communications, but it can also have these massive effects where it burns out saddle. And then causes radio blackouts, GPS, navigation problems. Think about what happened up in Quebec. So let me just look at this back hit with an E and yeah, here we go. And March 13th, 1989. [00:46:50] Here we go. Here's another one. Now I remembered. And this is where Quill back got nailed. I'm looking at a picture here, which is looking at the United States and Canada from the sky and where the light is. And you can see Quebec is just completely black, but they have this massive electrical blackout and it's becomes. [00:47:13] Of this solar storm. Now they, these storms that I said are quite directional depending on where it hits and when it hits things can get very bad. This particular storm back in 1989 was so strong. We got to see their Rora Borealis, the Northern lights as far south, as Florida and cute. Isn't that something, when we go back further in time to this Carrington event that I mentioned, you could see the Northern lights at the eclipse. [00:47:50] Absolutely amazing. Now the problem with all of this is we've never really had an internet up online. Like we have today when we had one of the storms hit. And guess what we're about to go into right now, we're going into an area or a time where the sun's going to be more active, certainly on this 11 year cycle and possibly another bigger cycle too, that we don't really know much about. [00:48:22] But when this hit us back in the 1850s, what we saw was a a. Telegraph system that was brought to its knees. Our telegraphs were burned out. Some of the Telegraph buildings were lit. They caught on fire because of the charges coming in, people who were working the telegraphs, who are near them at the time, got electric shocks or worse than that. [00:48:48] Okay. 1859 massive Carrington event compass needles were swinging wildly. The Aurora Borealis was visible in Columbia. It's just amazing. So that was a severe storm. A moderate severity storm was the one that hit in Quebec here knocked out Quebec electric. Nine hour blackout of Northeast Canada. What we think would happen if we had another Carrington event, something that happened to 150 years ago is that we would lose power on a massive scale. [00:49:27] So that's one thing that would happen. And these massive transformers that would likely get burned out are only made in China and they're made on demand. Nobody has an inventory. So it would be at least six months before most of the country would get power back. Can you believe that would be just terrible and we would also lose internet connectivity. [00:49:52] In fact, the thinking that we could lose internet connectivity with something much less than a severe storm, maybe if the Quebec power grid solar, a massive objection here. Maybe if that had happened, when. The internet was up. They might have burned out internet in the area and maybe further. So what we're worried about is if it hits us, we're going to lose power. [00:50:20] We're going to lose transformers on the transmission lines and other places we're going to lose satellites and that's going to affect our GPS communication. We're going to lose radio communication, and even the undersea cables, even though they're now no longer. Regular copper cables. It's now being carried of course, by light in pieces of glass. [00:50:45] The, those cables need to have repeaters about every 15 miles or so under underwater. So the power is provided by. Copper cables or maybe some other sort of power. So these undersea cables, they're only grounded at extensive intervals, like hundreds or thousands of kilometers apart. So there's going to be a lot of vulnerable components. [00:51:12] This is all a major problem. We don't know when the next massive. Solar storm is going to happen. These coronal mass ejections. We do know they do happen from time to time. And we do know it's the luck of the draw and we are starting to enter another solar cycle. So be prepared. Of course, you're listening to Craig Peterson, cybersecurity strategist. [00:51:42] If you'd like to find out more and what you can do, just visit Craig peterson.com and subscribe to my weekly show notes. [00:51:52] Google's got a new admission and Forbes magazine has an article by Zach Dorfman about it. And he's saying you should delete Google Chrome now after Google's newest tracking admission. So here we go. [00:52:09] Google's web browser. It's been the thing for people to use Google Chrome for many years, it's been the fastest. Yeah, not always people leapfrog it every once in a while, but it has become quite a standard. Initially Microsoft is trying to be the standard with their terrible browser and yeah, I to Exploder, which was really bad and they have finally completely and totally shot it in the head. [00:52:42] Good move there on their part. In fact, they even got rid of their own browser, Microsoft edge. They shot that one in. They had to, I know I can hear you right now saying, oh, Craig, I don't know. I just use edge browser earlier today. Yeah. But guess what? It isn't edge browser. It's actually Google Chrome. The Microsoft has rebranded. [00:53:04] You see the guts to Google Chrome are available as what's called an open source project. It's called chromium. And that allows you to take it and then build whatever you want on top of. No, that's really great. And by the way, Apple's web kit, Kat is another thing that many people build browsers on top of and is part of many of these browsers we're talking about right now, the biggest problem with the Google Chrome. [00:53:35] Is they released it so they could track you, how does Google make its money? It makes us money through selling advertising primarily. And how does it sell advertising if it doesn't know much or anything about you? So they came out with the Google Chrome browser is a standard browser, which is a great. [00:53:55] Because Microsoft, of course, is very well known for not bothering to follow standards and say what they have is the actual standard and ignoring everybody else. Yeah. Yeah. I'm picking on Microsoft. They definitely deserve it. There is what is being called here in Forbes magazine, a shocking new tracking admission from. [00:54:17] One that has not yet made headlines. And there are about what 2.6 billion users of Google's Chrome worldwide. And this is probably going to surprise you and it's frankly, Pretty nasty and it's, I think a genuine reason to stop using it. Now, as you probably know, I have stopped using Chrome almost entirely. [00:54:42] I use it when I have to train people on Chrome. I use it when I'm testing software. There's a number of times I use it, but I don't use it. The reality is that Chrome is an absolute terror. When it comes to privacy and security, it has fallen way behind its rivals in doing that. If you have an iPhone or an iPad or a Mac, and you're using safari, apple has gone a long ways to help secure your data. [00:55:19] That's not true with Chrome. In fact, it's not protecting you from tracking and Dave data harvesting. And what Google has done is they've said, okay we're going to get these nasty third party cookies out of the whole equation. We're not going to do that anymore. And what they were planning on doing is instead of knowing everything specifically. [00:55:43] You they'd be able to put you in a bucket. So they'd say, okay, you are a 40 year old female and you are like driving fast cars and you have some kids with a grandkid on the way, and you liked dogs, not cats, right? So that's a bucket of people that may be a few hundred or maybe up to a thousand. As opposed to right now where they can tell everything about you. [00:56:12] And so they were selling that as a real advantage because they're not tracking you individually anymore. No, we're putting you in a bucket. It's the same thing. And in fact, it's easier for Google to put you in a bucket than to track everything about you and try and make assumptions. And it's easier for people who are trying to buy ads to place in front of you. [00:56:34] It's easier for them to not have to reverse engineer all of the data the Google has gathered in instead. To send this ad to people that are in this bucket and then that bucket. Okay. It makes sense to you, but I, as it turns out here, Google has even postponed of that. All right. They really have, they're the Google's kind of hiding. [00:56:59] It's really what's going on out there. They are trying to figure out what they should do, why they should do it, how they should do it, but it's going to be a problem. This is a bad habit. The Google has to break and just like any, anybody that's been addicted to something it's going to take a long time. [00:57:19] They're going to go through some serious jitters. So Firefox is one of the alternatives and to Google Chrome. And it's actually a very good one. It is a browser that I use. I don't agree with some of the stuff that Mozilla and Firefox does, but again, nobody agrees on everything. Here's a quote from them. [00:57:41] Ubiquitous surveillance harms individually. And society Chrome is the only major browser that does not offer meaningful protection against cross site tracking and Chrome will continue to leave users unprotected. And then it goes on here because. Google response to that. And they admit that this massive web tracking out of hand and it's resulted in, this is a quote from Google and erosion of trust, where 72% of people feel that almost all of what they do online is being. [00:58:19] By advertisers, technology firms or others, 81% say the potential risks from data collection outweigh the benefit by the way, the people are wrong. 72% that feel almost all of what they do on online is being tracked. No. The answer is 100% of what you do is probably being tracked in some way online. [00:58:41] Even these VPN servers and systems that say that they don't do logs. Do track you take a look at proton mail just last week. Proton mail it's in Switzerland. Their servers are in Switzerland. A whole claim to fame is, Hey, it's all encrypted. We keep it safe. We don't do logging. We don't do tracking guess what they handed over the IP addresses of some of the users to a foreign government. [00:59:09] So how can you do that? If you're not logging, if you're not tracking. Yeah, they are. And the same thing is true for every paid VPN service I can think of. So how can Google openly admit that their tracking is in place tracking everything they can, and also admit that it's undermining our privacy. [00:59:36] Their flagship browser is totally into it. It's really, it's gotta be the money. And Google does not have a plan B this anonymized tracking thing that they've been talking about, the buckets that I mentioned, isn't realistic, frankly. Google's privacy sandbox is supposed to Fitbit fix it. [00:59:56] I should say. The whole idea and the way it's being implemented and the way they've talked about it, the advertisers on happy. So Google is not happy. The users are unhappy. So there you go. That's the bottom line here from the Forbes article by Zach Dorfman, delete Google Chrome. And I said that for a long time, I do use some others. [01:00:20] I do use Firefox and I use. Which is a fast web browser. That's pretty good shape. Hey, if you sign up for my shows weekly newsletter, not only will you get all of my weekly tips that I send to the radio hosts, but you will get some of my special reports that go into detail on things like which browser you shouldn't be using. [01:00:46] Sign up right now. Craig peterson.com. [01:00:50] Many businesses have gone to the cloud, but the cloud is just another word for someone else's computer. And many of the benefits of the cloud just haven't materialized. A lot of businesses have pulled back and are building data centers. [01:01:07] Now, the reason I mentioned this thing about Microsoft again, and the cloud is Microsoft has a cloud offering. [01:01:17] It's called Microsoft Azure. Many people, many businesses use it. We have used it with some of our clients in the past. Now we have some special software that sits in front of it that helps to secure. And we do the same thing for Amazon web services. I think it's important to do that. And we also use IBM's cloud services, but Microsoft is been pitching for a long time. [01:01:45] Come use our cloud services and we're expecting here probably within the next month, a big announcement from Microsoft. They're planning on making it so that you can have your desktop reside in Microsoft's cloud, in the Azure cloud. And they're selling really the feature of it doesn't matter where you are. [01:02:11] You have your desktop and it doesn't matter what kind of computer you're on. As long as you can connect to your desktop, using some just reasonable software, you will be able to be just like you're in front of a computer. So if you have a Chromebook or a Mac, Or windows or tablet, whatever. And you're at the grocery store or the coffee shop or the office, you'll be able to get it, everything, all of your programs, all your files. [01:02:41] And we, Microsoft will keep the operating system up to date for you automatically a lot of great selling points. And we're actually looking into that, not too heavily yet. We'll give them a year before we really delve into it at all. Cause it takes them a while to get things right. And Microsoft has always been one that adds all kinds of features, but most of the time, most of them don't work and we can document that pretty easily, even in things like Microsoft. [01:03:11] The verge is now reporting that Microsoft has warned users of its as your cloud computing service, that their data has been exposed online for the last two years. Yeah, let me repeat that in case you missed it, you yeah. I'm I might've misspoken. Let me see, what does it say? It says users of Azure cloud competing service. [01:03:36] So that's their cloud. Microsoft's big cloud. Okay. Their data has been. Exposed online. Okay. So that means that people could get the data, maybe manipulate the data that's exposed means for the last two years. Are you kidding me? Microsoft is again, the verge. Microsoft recently revealed that an error in its Azure cosmos database product left more than 3,300 as your customer's data. [01:04:12] Completely exposed. Okay guys. So this is not a big thing, right? It can't possibly be big thing because you know who uses Azure, nobody uses a zer and nobody uses hosted databases. Come on, give me a break. Let me see, what else does this have to say? Oh, okay. It says that the vulnerability was reported, reportedly introduced into Microsoft systems in 2019, when the company added a data visualization feature called Jupiter notebook to cosmos DB. [01:04:46] Okay. I'm actually familiar with that one and let's see what small companies let's see here. Some Azure cosmos DB clients include Coca Cola. Liberty mutual insurance, Exxon mobile Walgreens. Let me see. Could any of these people like maybe Liberty mutual insurance and Walgreens, maybe they'd have information about us, about our health and social security numbers and account numbers and credit cards. Names addresses. That's again, why I used to get so upset when these places absolutely insist on taking my social security number, right? It, first of all, when it was put in place, the federal government guaranteed, it would never be used for anything other than social security. [01:05:34] And the law even said it could not be used for anything other than social security. And then the government started expanding it. And the IRS started using it. To track all of our income and that's one thing right there, the government computers, they gotta be secure. All of these breaches we hear about that. [01:05:52] Can't be true. So how about when the insurance company wants your personal information? Like your social security number? What business is it of? There's really no. Why do they have to have my social security number? It's a social security number. It's not some number that's tattooed on my forehead. That's being used to track me. [01:06:18] Is it this isn't a socialist country like China is, or the Soviet union was right. It's not social. So why are they tracking us like that? Walgreens? Why do they need some of that information? Why does the doctor that you go to that made the prescription for Walgreens? Why do they need that information? [01:06:40] And I've been all over this because they don't. Really need it. They want, it makes their life easier, but they don't really need it. However, it exposes us. Now, if you missed the email, I sent out a week ago, two weeks ago now, you missed something big because I, in my weekly newsletter went through and described exactly what you could do in order to keep your information private. [01:07:13] So in those cases where websites asking for information that they don't really need, right? You don't want to lie, but if they don't really need your real name, why you're giving them your real name? Why do you use a single email address? Why don't you have multiple addresses? Does that start make sense to you guys? [01:07:33] And now we find out that Microsoft Azure, their cloud services, where they're selling cloud services, including a database that can be used online, a big database 3,300 customers looks like some of them are actually big. I don't know. ExxonMobil pretty big. Yeah. I think so. Walgreens, you think that might be yeah. [01:07:57] Why. Why are we trusting these companies? If you have a lot of data, a lot of customers, you are going to be a major target of nation states to hack you and bat just general hackers, bad guys. But you're also if you've got all this information, you've also got to have a much higher level of security than somebody that doesn't have all of that information. [01:08:24] Does that make sense to you? Did I say that right? You don't need the information and I've got to warn anybody that's in a business, whether you're a business owner or you're an employee, do not keep more data than you need the new absolutely need to run your company. And that includes data about your customers. [01:08:48] And maybe it's even more specifically data about your customer. Because what can happen is that data can be stolen and we just found it. That? Yes, indeed. It could have been, it was exposed Microsoft the same. We don't know how much it was stolen. If anything was stolen. Yeah, Walgreens. Hey, I wonder if anyone's going to try and get some pain pills illegally through a, this database hack or a vulnerability anyways. [01:09:17] All right, everyone. Stick around. We'll be back. Of course, you listening to Craig Peterson. I am a cybersecurity strategist for business, and I'm here to help you as well. You can ask any question any time consumers are the people I help the most, I wish I got a dime for every time I answered a question. [01:09:38] Just email me@craigpeterson.com and stick around. [01:09:44] Whether or not, you agree with the lockdown orders that were put in place over this COVID pandemic that we had. There are some other parts of the world that are doing a lot more. [01:10:00] Australia has. I don't know. I think that they went over the deep end that much, the same thing is true right next door to them. [01:10:11] And I am looking at a report of what they are doing with this new app. You might be aware that both apple and Google came out with an application programming interface. That could be used for contract tack tracking, contact tracking. There you go. It wasn't terribly successful. Some states put some things in place. [01:10:38] Of course you get countries like China. I love the idea because heaven forbid you get people getting together to talk about a Tannen square remembrance. Now you want to know who all of those people were, who were in close proximity, right? Good for China a while, as it turns out, Australia is putting something in place they have yet another COVID lockdown. [01:11:03] They have COVID quarantine orders. Now I think if you are sick, you should stay here. I've always felt that I, I had 50 employees at one point and I would say, Hey, if you're sick, just stay home. Never required a doctor's note or any of that other silliness, come on. People. If someone's sick, they're sick and let them stay home. [01:11:26] You don't want to get everybody else in the office, sick and spread things around. Doesn't that just make sense. They now in Australia, don't trust people to stay home, to get moving. Remember China, they were taking welders and we're going into apartments in anybody that tested positive. [01:11:42] They were welding them into their apartment for minimum of two weeks. And so hopefully they had food in there and they had a way to get fresh water. Australia is not going quite that far, but some of the states down under. Using facial recognition and geolocation in order to enforce quarantine orders and Canada. [01:12:07] One of the things they've been doing for very long time is if you come into the country from out of the country, even if you're a Canadian citizen, you have to quarantine and they'll send people by your house or you have to pay to stay for 10 days in a quarantine hope. So you're paying the, of course now inflated prices for the hotel, because they're a special quarantine hotel. [01:12:34] You have to pay inflated prices to have food delivered outside your door. And that you're stuck there for the 10 days, or if you're at home though, they, you're stuck there and they'll send people by to check up on you. They'll make phone calls to check up on you. They have pretty hefty fines. [01:12:54] What Australia has decided to do is in Australia is Charlene's even going from one state to another state are required to prove that they're obeying a 14 day quarantine. And what they have to do is have this little app on their phone and they, the app will ping them saying, prove it. And then they have to take a photo of themselves with geo location tag on it and send it up via the app to prove their location. [01:13:32] And they have to do all of that within 15 minutes of getting the notification. Now the premier of the state of south Australia, Steven Marshall said, we don't tell them how often or when on a random basis, they have to reply within 15 minutes. And if you don't then a police, officer's going to show up at the address you're supposed to be at to conduct an in-person check. [01:13:59] Very intrusive. Okay. Here's another one. This is an unnamed government spokesperson who was apparently speaking with Fox news quote. The home quarantine app is for a selected cohort of returning self Australians who have applied to be part of a trial. If successful, it will help safely ease the burden of travel restrictions associated with the pandemic. [01:14:27] So there you go. People nothing to worry about. It's just a trial. It will go away. Just for instance, income tax, as soon as rule, number one is over, it will be removed and it will never be more than 3% and it will only apply to the top 1% of wage-earners. So there you go. And we all know that world war one isn't over yet. [01:14:47] So that's why they still have it in somehow. Yeah, some of the middle class pays the most income tax. I don't know. Interesting. Interesting. So there you go. Little news from down under, we'll see if that ends up happening up here. News from China, China has China and Russia have some interesting things going on. [01:15:08] First of all, Russia is no longer. Country, they are. They aren't, they are a lot freer in many ways than we are here in the United States. Of course, China, very heavily socialist. In fact, they're so socialists, they are communist and China. And Russia both want their kids to have a very good education in science, engineering, and mathematics. [01:15:35] Not so much on history, not so much on, on politics. But definitely heavy on the sciences, which I can see that makes all the sense. I think everybody should be pretty heavily on the science. According to the wall street journal this week, gamers under the age of 18 will not be allowed to play online games between 8:00 PM and 9:00 PM on Friday, Saturdays and Sundays. [01:16:02] Okay. So basically what they're doing, I reverse that what they're doing is they're only allowing the kids three hours of gaming per week. In other words, they can play between eight and 9:00 PM, Friday, Saturday, and Sundays. I think that might overload some gaming servers. Cov gaming addiction has affected studies and normal lives. [01:16:23] And many parents have become miserable. That's China's press and public administration. Sedna state. Okay. There's going to be some relief during the school holidays. Children will be allowed 60 minutes per day for gaming hard to say how China plans didn't force it, but they have their ways, identity cards. By the way required for playing online. They've got a facial recognition system introduced in July by 10 cent. Remember all of the uproar around 10 cent and their apps and president Trump trying to get them blocked here in the U S yeah, there you go. Facial recognition bill right into the app, and it's proven effective at catching children pretending to be adults in order to get around government gaming curves. [01:17:12] So this goes on and on and Korea as well, South Korea has had some very big problems. You might remember it was headlines just a few years ago of some of these south Korean kids dying because they were playing video games four days straight with no sleep, no real food. Just taking all of these energy. [01:17:37] And we'll literally gaming themselves to death. So South Korea passed a law that prevented young people from playing online video games late at night. So that was introduced back in 2011 and it's targeted at players 16 or up. And south Korean miners were prevented from playing online PC games between midnight and six, 8:00 AM. [01:18:03] Now South Korea has scrapped that law. Interesting. So they're saying it's out of respect for younger citizens, right? They're going to abolish this law, replace it by. Permit system that allows players to request a permit per game and play during self-assigned hours that their parents will sign off on. [01:18:27] This is in an article from GameSpot, by the way, a gamespot.com. You might remember them too, the whole Robin hood scandal. But I think it's an interesting question. When my kids were young lo those many years ago I got this box that the, you took the TV wire, you ran it into the box and you could program. [01:18:51] So that each kid had their own code and you could specify how much time the kid could watch TV or how much time or when they could watch TV and how much time cumulative the kids could have. And it actually worked pretty well. And the kids certainly complained a lot about it. And a couple of them tried to work the way around it hard to when the plug is inside the box. [01:19:17] Yeah, ingenuity as they are. They were able to do that. They cut the wire off and put another power connector on the end of the TV wire. Anyhow Microsoft, we've been talking about them a lot. This show. I do not like Microsoft, that already the windows 11 is coming out and we talked about. [01:19:38] Before, because windows 11 is plying. Microsoft is planning on requiring you to have a very modern computer. You need to have a TPM in it, which is this special security module. You need to have a certain speed, et cetera, but the TPM is a big thing. That's going to make it. So most of your computers won't work. [01:20:04] Tons of pushback on that. I can see what Microsoft is trying to do it. They really would love to have a clean operating system that really wasn't getting hacked all the time. And this will help it won't solve their problem, but it will help. So that they're going to be doing now is they're going to over
[Automated transcript] Weekly - Microsoft is planning on making you buy a new computer [00:00:00] Microsoft has had some incredibly successful operating systems and some significant failures. Think of windows millennial edition. While now they're coming up with windows 11, and frankly, things just aren't looking that good. [00:00:16] If you know me, you know how I have had some issues with Microsoft here over the years. They are a company that has been, in my opinion, very dishonest have been doing all kinds of immoral things for a very long time by destroying. [00:00:36] Parts of the market that they considered being competitors of theirs, so they have used their position at the top of the market with billions of dollars in cash to really nail anybody that tries to challenge them. And it's incredible to me what has happened over the years. But, of course, you might know Microsoft did. [00:00:57] Putting investment into Apple. And many people say that investment that bill gates authorized really saved apple from total collapse. And I can see how is this a reasonable audience or argument? But the bottom line is that Microsoft Windows has never been a great operating system when we get down to it. [00:01:21] It's always had issues. It's always had glitches, and we could go into a lot of reasons for that. But I think one of the main ones is that it has really tried to stay compatible with everything, all of the. When you were a kid, you certainly rode a bicycle. But, still, the bike that you might be riding when you're in your thirties or forties is probably not going to have three wheels. [00:01:46] And it's probably not going to have a pedal connected to the front wheel. It is going to be a whole lot different, and Microsoft, over the years, has tried to make their more modern operating systems as time has gone on. Compatible with older operating systems of theirs. And that inevitably leads to problems. [00:02:06] If you're trying to fix a problem, Einstein said this, right? If you're trying to fix a problem, you cannot use the thinking that created the problem in that first place, in order to fix a problem, you have to think at a different level. And when it comes to software and operating systems, you actually. To program at a different level. [00:02:29] And the entire structure of the programs has to be different than it is when you're starting. Microsoft has been doing that a little bit. And with Windows 11, they are really trying, they've gotten such black eyes over the years for security problems, and I think they deserve them for the most part. [00:02:50] Now they're forcing you to use, what's called a TPM. Now these TPMS have been around for quite a while. You see them built into your Macs, and they've been built into your apple Macs now for years built-in frankly to your iOS devices for your iPhone also for years. But this is a trusted platform module TPM. [00:03:17] And the idea behind a TPM is that your computer hardware is locking. All of this information and the senior TPM. Now there are a lot of difficult implementations of TPMS. The implementation that apple uses stores, all kinds of stuff that makes sure you're booting properly security, keys, et cetera. What Microsoft is doing now is for windows 11. [00:03:47] If you're going to. Your machine has to have a TPM and not just a older TPM 2.0, now there are alpha images available right now for developers of Windows 11. And I have to absolutely encourage you if you are a software developer to get an alpha version of windows so that you can double-check, is my software still going to be able to run in this. [00:04:13] And I also want to encourage you if you are relying on certain applications and maybe they're a little bit older, maybe they're not, but if your business requires you to use a piece of software, you really should get windows 11. Right now, get the alpha code, follow it through beta and test your software. [00:04:36] Make sure it works. If it isn't working, then talk to your software vendors, warn them that it's. Because Windows 11 requiring TPM support, although it doesn't require right now in this alpha version that they're releasing, but it does require it. Supposedly when they finally release windows 11, your computers that you have today probably don't have this chip. [00:05:07] We have a client that decided they were going to go out and buy their own server against our judgment. And what we told them they should be doing. So they went out and they bought we're going to get an HP server from HP enterprise and they did. And it did not have most of the security staff that they needed, including it did not have a TPM. [00:05:27] It did not have one of these trusted platform modules on it. Now, in their case with this HP server, they could buy one after the fact and install it. Although the entire machine had to be completely destroyed and reloaded, that's a minor price to pay versus buying a whole new server. [00:05:48] The TBM is not necessarily going to be compatible with the new version of windows. In fact, Microsoft surface tablets. I look this up their highest end surface tablets, Microsoft branding all over it. Microsoft certified $6,000 almost to buy this, or, top end surface tablet with all of the bells and whistles you can get on it. [00:06:15] It will not work with windows 11. How's that? So the reason Microsoft is doing this, I think is a good reason. They really want to lock down this system so that we're no longer having as many security problems. And we're not going to get into all of the different types of security problems that TPM is not going to solve a lot of them, but it's going to solve. [00:06:40] Some of them, but the program manager over Microsoft, her name is Al area. I guess it is Carly. She said that the hardware floor of TPM 2.0 support is going to be in place for the final version. We'll see. I think a lot of people are going to push back. However, Microsoft really does and legitimately does want to make sure that everything is safe. [00:07:07] So keep that in mind. There are a lot of people complaining about it, the alpha version. And that is why you have an alpha version, they're complaining about it because of the TPM, but also because of some of the other things that are going on with windows 11, at least right now, some of the things Microsoft has announced they've got, for instance group policy will not let you get around hardware enforcement for windows 11. [00:07:34] Microsoft is still going to block you from upgrading your device. To make sure your devices stay supported and secure. So that's good news and it's good news because many times in the past, how many of us we've upgraded our machines and to a new version of the operating system. And I use upgrade with air quotes around it, but we've upgraded our machines and they won't work with the new version of it. [00:08:00] The audience here for her little statement, which was part of this, a Microsoft tech community user questions was very upset. They did not like the answers that she was giving. And this is according to windows central, the videos, top comment, read, quote, a lot of these answers come off as super tone. [00:08:22] Deaf is looking like Windows 11 will be another windows. So for those of us that know yeah. Windows eight was really quite the flop member. They very quickly came out with windows eight one and the Microsoft is, and the only tone-deaf company out there, I've got to say, I think Apple has been very tone-deaf in a lot of different ways. [00:08:44] Now they seem to be waking up doing some things a little bit better, so kudos to them for that. But a lot of companies really. Tone, deaf to what users want. And there's a lot of blog posts here. We'll have to see if what they're saying ultimately ends up in windows 11. If it does, things will be a bit of a problem. [00:09:08] But part of the reason we don't know. Is because Microsoft disabled, any more comments on the video, they were getting so many of them. And of course there's trolls people who hate Microsoft. I'm certainly not one of them. They also, by the way, deleted all existing comments on the video here about windows 11 with their program manager in response to the negativity, the voting is still upon this video and. [00:09:37] 2,700 dislikes and only 146 likes as of this last week. It's interesting. Microsofts are really rushing to these new hardware requirements. They're being very aggressive, and I think they're handling it. Sound familiar. We've heard these sorts of things before, but now we'll see here into the legitimacy of this, how much is it going to benefit is limited as well because where are we having our biggest problems? [00:10:09] People cooking, links, things get installed et cetera, that nothing to TPM is going to be able to handle. The TPM is going to make sure that you have a secure boot that's it's missing. Goal in life. So how was it we're going to help with a lot of this other stuff we will see, and I'll definitely keep you up to date on this. [00:10:28] It's a real. Hey, I want to remind you guys, go to Craig peterson.com. Hopefully you got my newsletter last week. I gave you a private link to a webinar that I did about VPN, because there's a lot of people selling VPNs. Most of them are misrepresenting what they can. And in fact, most of them make you less safe. [00:10:53] So don't miss another thing. Go to Craig peterson.com right now. And subscribe [00:10:59] There seems to be a worker shortage. And a lot of businesses are finding that frankly, people who are involved in technology are resigning, they're calling it a great resignation of workers. We have a lot of problems as business people, filling jobs nowadays. [00:11:20] And one of the things I've thought about doing is maybe even starting a course for people who want to figure out if this whole cybersecurity thing is right for them. I think that might make a lot of sense for some people. And there are some of you listeners. I know, because I've talked to you who have gone out and. [00:11:40] Gotten into, is that a word who have changed careers into the cybersecurity realm? So does it make sense for you? I don't know. Do you think it would make sense for me to offer something? A cybersecurity course to give you guys the basics and help you to understand it, to see if it might be good for you. [00:12:00] Only, you know that, and if you're interested, make sure you drop me a note just to me, M E Craig peterson.com and let me know what you think, but the big tech is suffering from this great resignation of workers and workers in the technology field right now. It's a good time to leave. Now, this isn't the same as many workers who, for instance, were in the restaurant business for many years, were in food service. [00:12:31] You make money. Maybe you don't make money. Who knows those. And of course, those jobs pretty much disappeared during the lockup. Big tech, it's different in big tech. Most of these people, most of us, frankly, we retained our jobs. We were still able to work, still able to do the stuff we'd always been doing, but we were doing it from home, and many employees looked at the situation and said, I am not going to leave. [00:13:04] Because I don't know if I'll be able to get a new job. Does that make sense to you? So we have a bit of a pent up demand in the tech field of people who maybe didn't like the boss didn't really like what they were doing, but kept the job because at least it was a job. It paid some bills. And from the bottom-line standpoint, it didn't make sense to. [00:13:28] Now we see something else going on, people are leaving like crazy Facebook here. There's a quote in an article in MarketWatch. Lost this guy named Raymond Andres. Who's now the chief technology officer at air table. Now I've used air table before I was a client of theirs for a while. It's really something. [00:13:51] If you need to do some basic project management, or if you have a process for doing something. That needs to be tracked and maybe something handed over to another person when it meets a certain stage, check it out, air table.com online, but he left Facebook and he said, there's been a burst of activity of people leaving. [00:14:15] If anything. The lockdown delayed decisions. And that's exactly what I was saying. I've been saying that for a very long time, but there's another factor involved when it comes to technology. And that is the funding, which is just amazing. You might remember a couple of years ago we had this. Brakes on IPO's on initial public offerings. [00:14:40] These tech companies just were not going to go public at all. And because of that, many angel investors and venture capitalists said, forget about it. I'm not going to go ahead and make any sort of investment. That is the time when a lot of these small companies just failed and of course, incomes the lockdown and even more of them failed. [00:15:03] But now. But the investors are a spinner spending a lot of money so far this year, there have been 84 initial public offerings in the U S alone. Isn't that amazing? 50 plus billion dollars in IPO's. Now that's up from about 38 billion. Last year. So there's obviously money in the IPO world. So that gets the venture capitalists interested. [00:15:36] So VC money is also a record hives. This year's track to be the best year yet. According to PitchBook through June. This year 2021, $150 billion has been raised among about 7,000 deals. Now that's ahead of last year's record, a total of $164 billion for the year. So we're looking at some major money going in. [00:16:09] And we're have a lot of people that are leaving from Google and Facebook and Amazon and Apple, maybe your company as well, who are saying, wow there's some real opportunity now I could get in on the ground floor. The VC money is a record high, so I can take at least some salary enough to make it heck I haven't had to pay rent for a year. [00:16:32] So I can afford to do that, to try and. Something with some of my friends and that's exactly what they're doing. Robert half, which is a company I've had on my show before Robert half international, they did a survey and they found that about one third of the almost 3000 information technology professionals. [00:16:56] They surveyed said they planned to look for a new job in the next few months. They're also saying Robert half is that while employers posted more than 365,000 job openings in June alone, they're not getting filled that's by the way, the highest monthly. In about since September, 2019, and that's according to comp Tia, which is a, an industry trade group. [00:17:24] I'm a member of that. My company is a member of comp Tia as well. So there are a lot of things happening that are really driving people to startups. And there's a lot of advantages to that. So here's another guy. This is an engineering manager who left Facebook last year. And he quickly returned. [00:17:45] He said working at a startup, you have much more connection with employees and things moved faster. So tiger graph, by the way, also hired ex-Googlers. And they're increasing the workforce this year too, about 300 from 90. So think about what they're doing. That's not, yeah, technically it's probably still a startup, but it's 300 employees. [00:18:10] That's not us. That is a lot of employees, and they've got a lot of money behind them. Here's another guy. And she's saying, I thought I would be a lifer at Amazon. But this was a tremendous opportunity. I can have a far greater impact and more influence on the company's trajectory, which quite frankly was harder at Amazon. [00:18:32] And we're seeing more and more of particularly the younger employees looking at that. Her name's Anna fag fabric, sorry about the names butchering here, but she's now at freshly she's their chief criminals commercialization. Officer. So a lot of people are saying in this survey from Robert half international that having a chance to have an impact at a smaller company was a major reason for leaving. [00:19:00] And that's after years of massive growth at big tech companies. So again, IBM in the 1970s. They were the ruler, they were the king. They was impossible. If you work for IBM, man, they're going to be around forever. And of course, they still are. And they have amazing products, especially the Z series mainframe, but they're not the company they were. [00:19:24] And I think we now are seeing. The next step in these big high-tech, but is no longer being the companies that they were innovation is going to leave with these employees, and they're going to really be hurt and hurt quite a bit. All right. So coming up, we're going to talk, of course, more about some of the more important tech stuff, you've got to, if you haven't already get on my email list, I'll send you a couple of special reports that we. [00:19:54] As well as of course, every week, one or two newsletters, not sales documents, newsletters, Craig peterson.com. [00:20:04] Bitcoin is all of the rage. In fact, these cryptocurrencies or something, a lot of people have considered investing in of course, many have invested in it. I played around with them about a decade ago, and the IRS seized 1.2 billion worth of it. [00:20:19] You might remember, we talked years ago about the IRS trying to tax things in the virtual world. So if you were in one of these real life type things and you owned property, as it were inside this virtual world, they wanted to tax it. Of course, if you sold something with real hard money and. You sold it inside that real world with real hard money, you would end up having to pay taxes. [00:20:47] Just if you sold a hammer to someone, that's the way it works. A lot of people have decided that, for some reason, cryptocurrency is completely untracked. Now we know about cases. I've talked about them here where some of these coins in this particular case, we're talking about Bitcoin or has been used online. [00:21:15] And in fact, the government has found out who was using it and really stepped in, in a big way. Silk road is the biggest example. This was an online black market for everything you can think of, from illegal drugs to firearms, to all kinds of illegal commodities that were for sale online. [00:21:40] This was back in 2013, they were using Bitcoin to buy and sell things on this free trade zone. I think they called themselves and silk growed was just thriving. On comes the federal government and federal agents in the United States really cut their teeth in crypto search and seizure. With taking down the silk road, you might remember this was very unprecedented. [00:22:10] People had no idea. What they could do. How could the federal government monitor this? Can I buy and sell these Bitcoins? All of that sort of thing. And 20 years as the chief of money laundering and asset forfeiture in. Yeah, us attorney's office for the Southern District of New York. Sharon Levin said that this whole takedown or silk road was completely unprecedented and it was new technology. [00:22:41] What do you do well because people. Here cryptocurrency and crypto, of course, being short for cryptography, they figure that okay. While obviously it is absolutely untraceable untrackable. Tell that to the people that this year have tried to ransom money out of enough. US corporation, some of the major consider for instance, colonial pipeline and what happened with them and how at least half of their cryptocurrency was returned to them. [00:23:15] So don't think that this stuff is a way that you can get away with breaking in the law or not paying taxes. It is not the whole. Business, if you will, of crypto seizure and sale is growing incredibly fast. In fact, the federal government just enlisted the help of the private sector to manage and store these crypto tokens that have been seized from. [00:23:47] Now I mentioned that the IRS has seized about $1.2 billion worth of cryptocurrency this fiscal year. That is a whole lot of cryptocurrency. And what are they doing with it while it's the same thing? Remember the drug dealers back in the day. Miami, what was happening? I used to love Miami vice TV show. What happened there while they seize boats, they seized cars. [00:24:13] They seized cash. Obviously, they can just put back into circulation, but everything else, what do they do? Cores, they go ahead and they sell it at auction. And that's what they've been doing. Then in June, they started auctioning off light coin and Bitcoin cash. They had 11 different lots on offer. [00:24:38] It was a four day auction and it included 150.2, 2 5 6 7 1 5 3 light coin. You like that. Remember cryptocurrency is not necessarily a whole coin. It's like having a gold coin. That's worth 500 bucks. How are you going to use that to buy a loaf? But what happens with these cryptocurrencies is you can buy and sell fractions of a coin. [00:25:04] So that's why you get into the millions of a piece of a coin. So they sold 150 ish like coin and. Above 0.00022 a Bitcoin cash worth more than 21 grand. So that's one of the 11 lots that was out there. And this crypto property is what they're calling. It had been confiscated as part of a tax noncompliance case. [00:25:34] I'm looking right now at the public auction sale notice. And where it was, where you could go online. It was a GS, a auctions.gov. If you want to check these things out, as in the general services administration, auctions.gov, GSA, auctions.gov, and they were selling it, and it was a taxpayer, it tells you all kinds of information about them. [00:25:56] It's a. Crazy here, but you have to pay by cash to certified cashiers or treasures check drawn on different whatever banks. And it's really cool to look at some of these things, but you can find them online. If you're interested in buying them might be a good way to buy them, to buy these various cryptocurrencies if you want to get into there. [00:26:20] But a lot can refer to almost anything could be, as I said, boats or cars like it was on Miami vice. It could be some number of crypto coins that are being auctioned. So they're going to be doing more and more of that. Then, apparently, the feds are saying that they have no plans to step back from being basically a crypto broker. [00:26:46] Here is the bottom line here because they're seizing and selling all of these assets. So keep an eye out for that. Remember what is going on? The silk road site that I mentioned had been shut down or operating on the dark web. It used Bitcoin exclusively nowadays are using various either types of coins. [00:27:09] Most of them are ultimately traceable, and we're not going to get into all of the details behind it, but the bottom line is so what do they do now? Think about this. Silk road had 30,000 Bitcoin that they were able to identify in CS. And it was probably the biggest Bitcoin seizure ever. And it sold for about $19 million. [00:27:37] So that was quite a few years ago. Somebody just pull up a calculator here, say 30,000 times, and what's Bitcoin nowadays. I'm not quite sure. Let's say it's $15,000. So in today's money, it had a half, a billion dollars. Today's value, a half, a billion dollars worth of Bitcoin in there isn't that something, and that was all seized and it was all auctioned off. [00:28:03] So keep an eye on that. They're following the money is the technique they're using. You can find out a lot more at us, marshals.gov, and that is how they found it. If you've got pictures. You're going to have to sell it. You're going to have to transfer. You have to do something with it. And that's where they're getting. [00:28:24] Bottom line, particularly if you take the Bitcoin and turn it into something else, but this would take a while to explain. And I was very happy to be able to sit in on a presentation that was done by the treasury department on how they handle all of this. It's frankly very fascinating. Hey, make sure you spend a couple of minutes and join me online. [00:28:49] Craig peterson.com. You can sign up for my newsletter. You can listen to my podcasts, and you can get some free, special reports just for signing up. [00:28:59] This is a tough one. Apple has decided that they are going to build in to the next release of the iPhone and iPad operating system. Something that monitors for child porn. [00:29:12] Apple has now explained that they are going to be looking for child abuse images in specific ones. And I just am so uncomfortable talking about this, but the whole idea behind it is something we need to discuss. Apple said, they're going to start scanning for these images and confirmed the plan. In fact, when people said, are you sure you're going to be doing that? [00:29:43] Here's what. IOS 15, which is the next major release of Apple's operating system for I-phones. And for I pad is going to use a tie to something called the national center for missing and exploited children. And the idea behind this is to help stop some of this child abuse and there's people who traffic in children, and it's just unimaginable. [00:30:13] What happens out there really is some people it's just such evil. I, it I just don't get it. Here's what they're going to be doing. There are ways of taking checksums of pictures and videos, so that if there is a minor change in something that might occur, because it was copied that it does not mess it up. [00:30:39] It still can give the valid checksum and. Iman, that technology is detailed, but basically just think of it as a checksum. So if you have a credit card number, there is a checksum digit on that bank accounts have checked some digits so that if you mess it up a little bit, okay, it's an invalid checksum, so that number's obviously wrong in this case. [00:31:03] What we're talking about is a checksum of a pitcher or oven. And these various child safety organizations have pictures of children who are abused or who are being abused, who are being exploited. And they have these checksums, which are also called hashes. That is now going to be stored on your iOS device. [00:31:33] And yes, it's going to take some space on the device. I don't think it's going to take an enormous amount of space considering how much space is on most of our iPhones and iPads that are out there. Apple gave this detection system is called C Sam, a real thorough technical summary. It is available online, and I've got a, to this article in this week's newsletter, but they released this in just this month, August of 2021. [00:32:06] And they're saying that they're using a threshold that is. Quote set to provide an extremely high level of accuracy and ensures the less than one in 1 trillion chance per year of incorrectly flagging a given account. Now I can say with some certainty in having had a basic look through some of the CSM detection documentation, that they're probably right about that, that the odds are very good. [00:32:39] Small that someone that might have a picture of their kids in a bathtub, the odds are like almost so close to zero. It is zero that it will be flagged as some sort of child abuse, because it's not looking at the content of the picture. It's not saying that this picture, maybe it is a picture of child exploitation or a video of her child being exploited. [00:33:01] If it is not one that has been seen before by the national center for missing exploited. It will not be flagged. So I don't want you guys to get worried that a picture at the beach of your little boy running around and just boxer trunks, but a lot of skin showing is going to get flagged. It's not going to happen. [00:33:24] However, a pitcher that is known to this national center for missing and exploited children is in fact going to be flagged and your account will be flagged. Now it's hard to say exactly what they're going to do. I haven't seen anything about it, of the apples. Only say. That that they're going to deploy software. [00:33:50] That's going to analyze images in the messages application for new system that will warn children and their parents from receiving or sending sexually explicit photos. So that's different. And that is where again, a child, you put parental settings on their iPhone. If they're taking these. Pictures, selfies, et cetera. [00:34:13] Girls sending it to a boyfriend, sending it to his girlfriend, whatever it might be. The parents are going to be warned, as are the children that is looking for things that might be of a sexual content. Okay. It really is. It's really concerning. Now let's move on to the part that I'm concerned about, because I think everyone can agree that both of those features are something good that are ultimately going to be very good, but here's a quote. [00:34:40] Apple is replacing it's industry standard end to end encrypted messaging system with an infrastructure for surveillance and censorship. Now, this is a guy who's co-director for the center for democracy and technology security and surveillance product project, I should say. He's Greg, no, him, no Chaim, is saying this, and he said apple should abandon these changes and restore its users, faith in the security and integrity of their data on apple devices and services. [00:35:14] And this is from an article over an tech. So this is now where we're getting. Because what are they doing? How far are they going? Are they going to break the end encryption in something like I messages? I don't think they are going to break it there. They're not setting up necessarily an infrastructure for surveillance and censorship, but apple has been called on as has every other manufacturer of software. [00:35:44] I remember during the Clinton administration, this whole thing with eclipse. Where the federal government was going to require anyone that had any sort of security to use this chip that was developed by the federal government. And it turns out, of course, the NSA had an very big backdoor in it, and it was a real problem. [00:36:04] Look at the Jupiter. That was another encryption chip and it was being used by Saddam Hussein and his family in order to communicate. And it turns out yeah, there's a back door there too. This was a British project and chip that was being used. So with apple, having resisted pressure. To break into phones by the US government. [00:36:27] But some of these other governments worldwide that have been very nasty, who've been spying on their citizens who torture people who don't do what apple are not happy, what the government wants them to do have been trying to pressure Apple into revealing this. Now I have to say, I have been very disappointed in all of these major companies, including apple, when it comes to China, they're just drooling at the opportunity to be there. [00:36:56] Apple does sell stuff there. All of these companies do. Yeah, Google move their artificial intelligence lab to China, which just, I cannot believe they would do something like that. AI machine learning, those or technologies that are going to give the United States a real leg up technology wise to our competitors worldwide. [00:37:17] And they move to China, but they have complied with this great firewall of China thing where the Chinese people are being censored. They're being monitored. What's going to happen now because they've had pressure from these governments worldwide to install back doors in the encryption systems. [00:37:38] And apple said, no, we can't do that because that's going to undermine the security for all users, which is absolutely true. If there is a door with a lock, eventually that lock will get picked. And in this case, if there's a key, if there's a backdoor of some sort, the bad guys are going to fight. Now Apple has been praised by security experts for saying, Hey, listen, we don't want to undermine security for everybody, but this plan to do ploy, some software that uses the capabilities of your iPhone to scan. [00:38:15] Your pictures, your photos, things that videos that you're sharing with other people and sharing selected results with the authorities. Apple is really close to coming across that line to going across it. Apple is dangerously close to acting as a tool for government surveillance. And that's what John Hopkins university cryptography professor Matthew Greene said on. [00:38:46] This is really a key ingredient to adding surveillance, to encrypted messages. This is again, according to our professor over John Hopkins, green professor green, he's saying that would be a key in Greece and then adding surveillance, encrypted messaging, the ability to add scanning systems like this to end encrypted messaging systems has been a major ask by law enforcement, the world. [00:39:14] So they have it for detecting stuff about missing and exploited children. That's totally wonderful. And I'm fine with that. No problem. But that now means that Apple's platform has the ability to add other types of scanning. All right. We'll see what ends up happening these the next thing, which is warning children and their parents about sexually explicit photos is also a bit of a problem here. [00:39:46] Apples. Yeah on this is messages uses on-device machine learning to analyze image attachments, and determine if a photo is sexually explicit. The feature is designed so that Apple does not get access to the messages it's saying, if it detects it, they're going to blur the photo. The child will be warned, presented with helpful resources and reassured it is okay if they do not want to view them. [00:40:16] And the system will let parents get a message. If children do view a flagged photo and similar protections are available for child attempts to send sexually explicit photos. Interesting. Isn't it. Interesting world. So I think what they're doing now is, okay, they're really close to that line, going over. [00:40:38] It could mean the loss of lives in many countries that really totally abuse their citizens or subjects, depending on how they look at them. Hey, make sure you check me out online. Craig peterson.com. Hey, sorry about having to talk about this, but man, this isn't. [00:40:57] It's time for a little bit of good news. We now have satellite internet performance. That's pretty much on par with fixed broadband, and it isn't just in the us. We're going to talk about that right now. What are the options? [00:41:13] You might remember the whole Sputnik thing and what happened there really drove the space race forward very rapidly, but we're using much fancier satellites than Sputnik, which of course, all it was doing was sending out a beep. [00:41:30] It was alive. And I remember I went over to a friend's house. I have an advanced class amateur radio license, and I went over to a friend's house, and he had some satellite equipment. He was also a ham, and we were able to tune his satellite in his satellite dish into a couple of the satellites up there. [00:41:52] Now the amateur radio community has one or more satellites. I'm not sure. We were really impressed with all of the stuff that's up there in the sky. There are satellites, of course, that we don't even know what they're doing because they're top-secret government satellites. And they're probably a decade ahead of the rest of the industry. [00:42:15] But he was pulling down images from some of these satellites that were open-source of what's happening on the earth and just all kinds of things back before heavy encryption. It was very cool to think that these satellites were miles up in space. No, I'm looking@somestatisticsherefromspeedtest.net. [00:42:37] I don't know if you've ever tried it. You should try and go to speed. Test one word.net on your web browser. And it'll open up a little window. It's a company called Uber. And that window will allow you to start a test. And the first thing it does is it tries to find, okay, where are you located? And who has the closest reflector that we can use for speed testing? [00:43:02] Usually there's something not too far away from you. If you are out in the Netherlands and of course, many of you listening, kind of our Netherlands, when it comes to internet access, you have pretty slow internet and speed test dot nettle. I'll put there's three numbers, you, or maybe four, you really have to pay attention to. [00:43:25] You've got the download number and that's telling you how fast the data comes down to your browser from that particular spot, which is typically, as I said, close to you, although nowadays something that's far away on the internet, isn't going to be that much. So download matters and then probably what matters the most for most people. [00:43:48] The next thing to look at is upload most of the time. If you have a regular consumer internet link, your upload speed is about 10, maybe as much as 20% of your download speed. So if you're getting megabit down, It's going to be 10% of that megabit down, maybe as much as 20%. So you're going to get about a hundred K up versus the megabit down it again, it varies. [00:44:21] A lot of places will have 50 megabits down and 10 megabits up so it can vary. Now the up speed, the uplink speed is what's going to affect you when you are trying to upload a file. So maybe you're trying to upload something to work, or you are trying to stream a video cause you're trying to run a webinar. [00:44:45] That's what that is. The next number that you have to pay attention to is the round trip time. So that's the time it takes from a packet to get from your computer to the server that you're connected to. And then back again. Usually that's measured in milliseconds. And I remember the very first time I was using the ethernet, it was thick wire, ethernet, and 10 megabits. [00:45:16] And wow. I was just so fast and very expensive to use. And the delay pinging another machine. In other words, sending a packet from my machine to another machine on the network. And then having that packet returned to me was anywhere from if it was like lightning fast, 10 milliseconds, and more likely it was 30, 40, 50, even a hundred milliseconds on the same day. [00:45:44] Nowadays, if you're looking@yournumbersonspeedtest.net, you are probably seen speeds that just blow away what I was using back then because things have just gotten so much faster. You've probably seen a few milliseconds in speed round trip, speed time again, depending on how good your link is. And then the fourth one you have to pay attention to is. [00:46:11] And jitter is where you are seeing inconsistent speeds in those round trip times. And that's going to affect live stuff, particularly live audio, which we'll notice a lot to that. Hey, the audio is just terrible. It's dropping out at me. Maybe sounds digitized. Usually. Parts dropout gamers care a lot about the jitter because that's going to affect their game and how they play their game. [00:46:42] So I just ran it here on my studio computer. Now we have fiber optics. We have a business line that goes directly to Comcast backbone and I'm seeing. From where I am to a server that's about 90 miles away, I would say my ping time round trip is three milliseconds. It's just, I'm still blown away by that. [00:47:08] Cause I remember using dial up modems that were 110 bits per second, 110. And that was just absolutely amazing. And then 300, can you believers? 300 bod and it's changed a lot, right? So three milliseconds round trip time for me. And I'm trying to brag or make you feel bad. I'm just telling you what it can be. [00:47:30] My download speed is 720. Megabits per second. And that's because right now we're downloading a few different things and my upload speed is a gigabit per second. So you can see in a commercial link, typically your download and your upload speeds are the same. It is not, it is in 10% obviously is exactly the same. [00:47:54] So those are the numbers you should look at. I don't see on my results. The jitter, maybe there's not reporting that anymore, or maybe they only reported on bad lines. I'm not sure, but again, speed test.net. So they have released this guys@speedtest.net, some stats on the satellite companies, because our friends over at startling, that's Elon Musk's company think Tesla and SpaceX, they are showing. [00:48:28] Amazing download speeds. They're showing 97 megabits a second download. Now that doesn't of course, I really approach the gigabit that I'm seeing, but this is from a satellite. It's just amazing. And they're going to see if more now all fixed all speeds of everyone. One in the United States that has gone to speed test.net and ran speed tests. [00:48:56] All speeds averaged out in the United States come to 115 megabits. So Starlink is almost as fast as the average broadband connection in the United States. Now here's a little, here's where they really shine to upload speed of about 14 megabits a second. So that's not bad that still fits within our model that we talked about latency. [00:49:24] 45 milliseconds. Now compare that with what I had, which was what three milliseconds it's slow, but it's again, remember it's a satellite. So it's going from the earth station while it's actually going from your computer to their satellite dish at your location is going up to the satellite is coming back down to an earth station is picking up the signals from the satellite, and then it's going to the server. [00:49:53] So 45 milliseconds is pretty good. I want to put that in perspective, though. The two biggest competitors right now, satellite internet are Hughes net and ViaSat Hughes net. This is again, according to speed, test.net. Download speed is averaging a little less than 20 megabits a second. So it's 20% of the speed of startling. [00:50:20] Yeah, pretty bad. A and star links latency. Remember, and this matters a lot. If you're trying to do live video or you're trying to run your phone over it, latency is 724 milliseconds. So that's three quarters of a second. From the time a packet goes out until it comes back. So that will affect any sort of phone calls that you're making on HughesNet and then ViaSat none, much better download speed of 18 megabits a second, which is worse, but the upload is slightly better than HughesNet and their latency is slightly. [00:50:56] What I'm saying is Starlink is really starting to shine. And Elon Musk is saying they are going to be even better. They're going to be much better. Give them a little bit of time. The reason that Charlene has the faster latency. Much, much faster latency than our friends at HughesNet or ViaSat is that they have low earth orbit satellite. [00:51:23] So they are sitting up there. They do have some drag from our atmosphere, so they will come down. There's things in place to take care of all of that sort of stuff. But Starlink it's going to be available pretty much everywhere. The country. India is very excited about this because they've had real problems with the internet in some of the rural areas. [00:51:48] But Hey, if you are out in the middle of nowhere in the United States, there is hope check out, Starlink online, lots of great stuff. Hey, stick around. We will be right back. You're listening to Craig Peterson. [00:52:05] The hackers are still going after with ransomware, they're still doing just blanket attacks. They're still doing massive fishing, but they have glommed on to something that is being much more effective. That's what we're going to be talking about. [00:52:21] This is a huge problem. We have seen some very high profile ransomware lately. Think of what happened with colonial pipeline, the whole solar winds attack, and much more the bad guys are trying to figure out a way to more inexpensive. Ransom money from us to more inexpensively, get all of our confidential information. [00:52:48] I have a client that before he was my client, all of his data was stolen and they run right to the Chinese. I have another client who's operating account was completely emptied. And the problem in both of these cases, Was really the client not doing what they should be doing, but supply chain problems, supply chains, the software, you have the hardware you have that you're relying on it. [00:53:19] One of the major types of businesses that are being attacked right now are our managed security services, company, security researchers who are trying to do, with all the effort they can maybe keep ourselves safe. But they're not doing what they should be doing. You've heard me complain for many years about programmers. [00:53:43] I'm saying that in air quotes, people who have learned how to do Microsoft C sharp or visual basic, whatever it might be. At a very high level in share. Yeah, they can put stuff together. It reminds me of when the spreadsheets first started hitting the boardrooms, all of a sudden, business people, managers all the way on up through the board were saying I don't need the it department anymore. [00:54:09] In order to get these numbers, I can just gather them in myself and put together a spreadsheet. I'll be safe. Everything will be great. I'm going to get that information now instead of having to wait for it, to get some programmers involved and get it done. The problem in all of these cases is exactly this. [00:54:29] These are non-professionals that are trying to do the job. Those spreadsheets, many of them had bad data on them. They compiled into even worse data because there were in many cases. Problems with the spreadsheet. I remember when I was a professor at Pepperdine University and I was teaching management information systems out there in the west coast and beautiful campus, by the way, if you've never been there out at Pepperdine, right on the coast. [00:54:59] But when I was working with those students, who were, it was his MIS 4 22 last year undergraduate. I ended up emphasizing spreadsheet. Because I realized most of them didn't really know how to do it. Yeah. Okay. They could go ahead and put a little thing in there that says, add up all of these columns and this row and multiply by that and cut out. [00:55:25] I've got a number coming out, but is that number correct? It's like a county. And that's why accountants use double entries in the accounting systems to make sure everything zeroes out. Make sure everything is correct. And by having someone who's a manager using this spreadsheet, you might get some great information and might get it quickly. [00:55:46] It might be absolutely correct, but it's very possible that it won't be. And from my experience and programmers are the worst of the worst, because many of them started when they were kids, very bright kids who were working on stuff and hacking it things. That's where the term hacker comes from. [00:56:05] Hacker wasn't necessarily a bad thing. They certainly. Bad guys. They were just hacking it. The computer's trying to figure out how to program, and if something went wrong, they would hack at the code a little bit more to try and fix it and figure it out. Non-professional they were just hacking that stuff. [00:56:23] And that's what we called them hackers. And so it was a derogatory term for someone that didn't really know what they were doing, but they were hacking their programming or hacking it. Some other part of it. Versus having people who are actually trained and experienced Microsoft got sued because of how bad windows millennial edition was and windows Vista. [00:56:49] And they found that the majority of the code had been written by interns, by kids, right out of school without the experience. What does that mean? Why am I really bashing the younger generations? It has to do with the ability to foresee problems and the best way to be able to foresee a problem is to have seen it before, for instance, that you've gotta be careful when you're allocating right. [00:57:15] And that it's not necessarily going to be cleared properly, or if at all, and that the return points can be changed in programs. That's one of the things that hackers do most nowadays. So if you have software that's written by people that don't realize all of the implications of what they're doing, you could be in trouble. [00:57:38] I like to use the analogy of a car. Back in the day, many of us are turned a wrench and we tinkered with the older cars. We had a whole lot of fun with them trying to figure out how can I improve this? And we'll do this to the carb and we'll change this and look at this airflow problem, pretty basic stuff. [00:57:56] But today, what we're dealing with is a car that is a whole bunch of major components. We went to replace an air intake because of a bad sensor in a Ford Crown Vic. And it was one of the last model years. And back in the day, you could pretty easily fix that. You just buy the little sensor and put it in there. [00:58:20] And you're all set. We had to buy the whole component, which included the air intake, manifold all the way on back to the sensor and everything that was behind it. It was absolutely crazy and cost a lot of money. So think of someone who is trying to build a car today, we might equate this to you by a transmitter. [00:58:43] You buy an engine, hopefully they fit together. If all right, have you ever tried to match a transmission to an engine and it's not right. Do you have to get a converter or make a converter that goes in the middle, or do you have to drill it out in order to make it Mount properly? All of those sorts of problems. [00:59:00] And then you've got all of the other components in the vehicle as well that are mix and match. That's what programmers are doing nowadays. Nowadays, a programmer grabs this library that does something. So, for instance, Apple has a library you can use that identifies faces, but you don't know how it works. [00:59:22] You don't know that transmission, how it works. Is it really going to work for you? It wasn't smart to combine that 600 horsepower engine with a Vega Chevy Vega transmission. For those of you old enough to remember what that is. But it didn't stop you from doing that either. And that's what we're seeing. [00:59:42] That's what these supply chain attacks are all based on that. So much software is written by people that have not had the experience to think through the potential problems. And Microsoft is to blame for making it really easy for anyone to write a program, just like you could blame VisiCalc back in the day for making it really easy for anyone to make a spread. [01:00:07] But those spreadsheets weren't accurate. The software that we're getting from our suppliers, which include Microsoft. This latest, huge hack came right through Microsoft exchange. It was a zero day bug. The same types of problems that we've had with some of the other software that's out there. Think about how we got the solar winds attack. [01:00:31] Think about some of these other ones that we've had that are just absolutely massive. It can kill us and kill us in a very big, when we're talking of course, about all of our systems and software. Hey, I want to remind you guys, just spend a couple of minutes. If you would go online, Craig peterson.com. [01:00:51] You're going to get the sort of thing. Last weekend. I sent out a video that I chaired with some friends, and I shared it with anybody on my list. Last weekend, it was just part of the newsletter on VPNs, who you can tell. Who you can't trust and the best ways and times to use a VPN. All right. Stick around. [01:01:12] We'll be right back. You're listening to Craig Peterson online@craigpeterson.com. [01:01:20] So now, a little bit about what supply chain attacks are. We're going to get into that a little bit more now, what can you do about it? And this European union-funded study that came in the wake of these two major cyber attacks. [01:01:36] The European Union has now forecasted that there's going to be four times more software supply chain attacks in 2021 than there were in 2010. That, my friend, is a very big deal. These cybercriminals are now shifting to larger cross border targets. [01:01:59] This is just an amazing report. You can look at it. It's called threat landscape for supply chain attacks. And they looked at 24 supply chain incidents that have occurred between January 20, 20 and July, 2021. The basics here are a supply chain attack is where a software provider or some sort of a trusted provider is hacked. [01:02:25] Usually they're are hacked in a way that they don't realize they've been hacked and then they pass off. The hacked software to you. I can remember a Microsoft product back when they used to ship them on DVDs or CDs. And we got that thing. One of the first steps was always to scan it for viruses, and we did. [01:02:48] And sure enough, Microsoft was shipping out software with a virus on it all. The same sorts of things have been happening with thumb drives some of these ones, particularly cheap ones that you buy online often have built right into them. Malware. Now with some of the reason for the malware is legitimately purposeful. [01:03:12] Okay. What they're trying to do is get you to have their little ransomware work for them so they can make some money off of you. In other cases, you have a thumb drive that a friend gave to you, and you're now using a little thumb drive and guests. Yeah, you are a little thumb drive has some nastiness on it. [01:03:32] Same, thing's true with Microsoft word documents that might have macro viruses, if you will, that are built into them. These little Trojans do the same thing with the Excel spreadsheets and on. But what they're finding right now is that these hackers are trying to get to the companies that provide services for the bigger companies. [01:03:55] And that's where it can hurt you and hurt you in a big way. I was just talking about how many programmers just aren't terribly professional. And some of that has to do with their lack of experience and those programmers might be using a library. So, for instance, get hub, which I use, and it's very common to be used out there online. [01:04:18] It has all kinds of source code called open-source code. So you can use it. You can model. That some of that software has been infected. And then there are people who are using languages that are nice and simple, like Python and others. And you write in this scripting language and pull in libraries that come from public sources that do things for you. [01:04:41] So they might do something like display something on this screen. They might go out and grab something from a URL online or connect to a database. And what the bad guys have found out is we're not, double-checking all of the sources of all of this software, and that is causing some huge security holes. [01:05:04] And what ends up happening is companies like solar wind are using some of this soft. And they then might be including it in the software they're providing you now, in the case of solar winds, it's a little bit different, but it's the same concept. Solar wind software was being used by a large number of companies in the U S. [01:05:29] Agencies were using solar wind software. And so we're regular old, small businesses because what happens is you hire a managed services provider and they don't have time to look at all of your computers all of the time. So they have software that they're using called a Ryan in this particular case. And I'll Ryan is installed on all of your computers. [01:05:55] So probably unbeknownst to you there's software on your computers. That is not being written by that managed services provider. But in this case was being written and provided by solar winds. Solar winds got hacked and the hackers put into solar wind software. Code that would eventually end up on your computer and your computer getting hacked. [01:06:18] So you just see how complicated this gets, right? You guys are the best and brightest, but you've probably got your eyes spinning a little bit here because we're talking about multiple layers of like again, direction, right? So these attacks, which mode, it looks like it began maybe in March 20, 20. [01:06:38] We're only detected in December last year, and they have been linked to this Russian organization called cozy bear, but we'll see what happens. We've got the more recent ones, which is the reveal. Ransomware got gang, this R E V I L reveal. And they exploited vulnerability. In Casias VSA, which again is another management platform that's used by many of these companies out there that are providing managed services. [01:07:09] Now I've got to say by means of full exposure here. We had to use both of these pieces of software before. And when we looked into them, we found that they. Insecure. In fact, it sounds like some of these companies had been warned by their own employees, that the entire architecture of their software was insecure. [01:07:33] Okay. So we ditched them all. We're using Cisco's software, they're advanced malware protection. The real high-end firewalls with special software, the backend that's running. So we're not getting into all of these crazy acronyms and names right now. So just so you know, that's what we use. That's what we use for our customers. [01:07:56] I even have that at my house. Okay. So a little bit more expensive, but it's a lot cheaper than having to hire a whole bunch of it. People to keep track of everything else now, because say. I had gotten, I had this ransomware that was distributed to Casa, his client. And potentially to kiss his clients, and this reveal gang demanded a $70 million ransomware payment say is denied that it paid it. [01:08:28] They may or may not have paid it. You might remember in the Trump years, they said, absolutely. Don't pay ransoms, or we may come after you because that is illegal to pay a ransom by. Because you are supporting a terrorist organization. So you gotta be careful with stuff like that. Don't pay ransoms, right? [01:08:48] Because it also tells them that you are a company that pays ransoms. So guess who they're going to come after again, you, because they know you'll pay. So a lot of incidents, I'm looking at a timeline of the attacks that were studied in this report coming out of the European. Yeah. And it is amazing here. [01:09:06] The unit max beans. That's one of those libraries. I was talking about the able desktop as Sydney. Was Vera excelling on VC or excuse me, VG, solar winds, big knocks, Mon pass Ukraine, SEI, click studios cast private stock investment manager goes on Fujitsu ledger. So this is a huge problem. And this is the sad part. [01:09:34] European union's predicting. It'll go up four fold this year. So what do you do? You have to audit your vendors. And that usually means you have to have an agreement plays. They accept the responsibility if you are hacked. So keep it up. Yeah. Let me know if you'd like more help with that. You can always email me M e@craigpeterson.com. [01:09:59] I think I got a couple of those contracts kicking around these vendor contracts. If you'd, I'll send one to, but you have to reach out to me. M E. At Craig peterson.com. All right, stick around. We've got one more segment today, and I want to make sure you spend a couple of minutes online. Craig peterson.com. [01:10:20] And go ahead and sign up. Sign up for my weekly newsletter. [01:10:28] We're going to do a little bit of wrap up right now, including talking about I message some of the changes that have come in Apple's messenger application, that many people are saying it shocking, and you should stop using it right now. [01:10:44] This is an article in Forbes by Zach Dorfman, where he's talking about why you should stop using iMessage after what he's calling the shock iPhone app. [01:10:58] Has had a number of major problems here recently that have been in the news. Of course they have about half of the smartphones in the country, right there. But things have become a little worse for apple here recently. And what we're worried about is, for instance, this whole Pegasus that we talked about a couple of weeks ago, where it is, what's called a zero-click piece of metal. [01:11:25] Where they can send you a text message, even if they're not a friend of yours and take over your phone. And we've seen things like that before. In fact, I think it was in Saudi Arabia, where was it? The crown prince received a video from somebody. He played it, and it exploited some vulnerabilities in the video player and allowed them to have full access to his phone. [01:11:49] And don't remember all of the details, but that part, I do remember. So the big question is, have all of these major security issues being fixed by apple is I messaged say for not, apple is saying it is encrypted end to end. They don't keep messages. There's some question about that because of a major incident back in 2018, where Apple was going to make sure it encrypted all of your backups and then. [01:12:18] FBI apparently spoke to apple and got them to change their opinion on the whole thing, which is another interesting problem. Isn't it. So what do you do, what do you do with that? And what do you do? Very good question. Earlier this year we had WhatsApp make a major change. They had course also said we've got end to end encryption with WhatsApp or wonderful. [01:12:41] And then people really questioned it because it was now owned by our friends over at Facebook. Is there privacy thereon WhatsApp? Is it legitimate? Is it just a bad PR move? What's going on WhatsApp, by the way, with 2 billion users worldwide and WhatsApp Facebook said, Hey, listen, we're gonna start giving you ads. [01:13:05] And basically people were worried about them examining the content of their messages in order to give them targeted ads, et cetera. So now apples just confirmed what Forbes is calling the most shocking and controversial update in the platforms. History. And here's what's going on. Pegasus, of course, as I mentioned, this click attack, Apple's got his new update now, right? [01:13:32] That is using machine learning. In order to see if a minor child might be sending a picture pornographic or otherwise they should not be sending or receiving. And we also have built into it. Now, this child sexual abuse. Check some set of people. That looks on your devices to see, do you have any photos that match, just check some part of the problem with this isn't that I'm not worried about these children that are being exploited. [01:14:06] Cause I am, I'm absolutely against that. But the bigger question here is, okay, so what's next is apple going to capitulate to the government and let them know if you have a certain picture of something rather the government doesn't like, where is this going to end? So in other words, Apple's phones being a lockbox. [01:14:30] The Apple iPad is being a lockbox is really. No longer going to be true. It is no longer going to be that encrypted lockbox that has been promised to us the electronic frontier foundation. As a little comment here, they say Apple's compromise on end to end encryption may appease government agencies in the U S and abroad, but it is a shocking about phase four users who have relied on the company's leadership in privacy. [01:15:00] And security, which is absolutely true. Now there's not much controversy, frankly, about limiting the spread of child sexual abuse material, but where we go on from there, that's where it starts getting a little more questioning here. Here's a, this is a Jake Moore over at east set. You said the initial. [01:15:21] Potential concern is that this new technology could drive CSM further underground. See Sam being this child abuse material, but at least it is likely to catch those at the early stages of their offending. The secondary concern, however, is that it highlights the power in which apple holds with the ability to read what is on devices and match any images to those known on a database. [01:15:47] This intrusion is grown with intensity and often packaged in a way that is for the greater good, right? Isn't that always the case. So we're doing it for the children. I talked about this extensively earlier. You can find it in my podcast, go to Craig peterson.com/podcast. Right now you can listen to it there. [01:16:08] Take a look in your emails from the newsletter. Pretty good about trying to send those out the last few weeks. I haven't been that great because of issues here, family issues and others. So it's been a little tough. So I apologize for that, but we all want to see technology develop. That's going to help tackle abuse. [01:16:27] It's going to stop the real bad guys that are out there. But what happens when China says we want access to this? We want to know when there's any pictures of a weaker symbol, for instance, or something else. What's Apple going to do they get, they can no longer say, oh, that's not taught. We don't have that technology. [01:16:45] There's nothing we can do. Just like Apple has done with the iPhones in the past, saying we don't have a back door. There is no backdoor key. We can't crack into that. That doesn't stand up when they say, okay, China comes to them or Iran or Saudi Arabia, or you name the country and says, Hey, we don't want people to see these particular messages. [01:17:08] Absolutely amazing. So timing on this dreadful. Okay. Part of iOS 15, apparently Pegasus raised two serious concerns that Apple's ecosystem, including I message has sti
In this episode, I interview Zach Dorfman about his excellent reports in Foreign Policy about U.S.-Chinese intelligence competition in the last decade. Zach is a well-regarded national security journalist, a senior staff writer at the Aspen Institute's Cyber and Technology program and a senior fellow at the Carnegie Council for Ethics in International Affairs. We dive deep into his tale of how the CIA achieved remarkable penetration of the Chinese government and then lost it, inspiring China to build a far more professional and formidable global intelligence network. In the news roundup, we touch on the disgraceful riot at the Capitol this week, and I criticize Silicon Valley's rush to score points against the right in a way it never did with the BLM demonstrations last summer. Nate Jones disagrees with my take, but we manage to successfully predict Parler's shift from platform to (antitrust) plaintiff and to bond over my proposal to impose heavy taxes on social media with more than ten million users. Really, why spend three years in court trying to break‘em up when you can get them to do it themselves and raise money to boot? SolarWinds keep blowing. Sultan Meghji and Zach Dorfman give us the latest on the attribution to Russia, the fine difference between attack and espionage and the likelihood of direct or indirect regulation. Pete Jeydel and Sultan cover the latest round of penalties imposed by the rapidly dwindling Trump administration on Chinese companies. Nate dehypes the UK High Court decision supposedly ruling mass hacking illegal. He previews some Biden appointments, and we talk about the surprising rise of career talent and why that might be happening. Nate also critiques former Director of National Intelligence Ric Grenell after accusations of politicization of intelligence. I'm kinder. But not when I condemn Distributed Denial of Services for joining forces with ransomware gangs to punish victims; it's hard to believe that anyone could make Julian Assange and Wikileaks look responsible, but they do. Speaking of Julian, he's won another Pyrrhic victory in court – likely extending his imprisonment with another temporizing win. And more! Download the 344th Episode (mp3) You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.
Episode 343 of the Cyberlaw Podcast is a long meditation on the ways in which technology is encouraging other nations to exercise soft power inside the United States. I interview Nina Jankowicz, author of How to Lose the Information War on how Russian disinformation has affected Poland, Ukraine and the rest of Eastern Europe—and the lessons, if any, those countries can offer a divided United States. In the news, Bruce Schneier and I dig for more lessons in the rubble left behind by the SolarWinds hack. Nobody comes out looking good. Persistent engagement and defending forward only works if you're actually, you know, engaged and defending, and Russia's cyberspies managed (not surprisingly) to have hidden their achievement from the National Security Agency (NSA) and Cyber Command. More and better defense is another answer (not that it's worked for the last 40 years it's been tried). But whatever solution we pursue, Bruce makes clear, it's going to be expensive. Taking a quick break from geopolitics, Michael Weiner gives us a rundown on the new charges and details (mostly redacted) in the Texas case against Google for monopolization and conspiring with competitor Facebook. The scariest thing about the case from Google's point of view, though, may be where it's been filed. Not Washington but Beaumont, Texas, the most notoriously pro-plaintiff, anti-corporate jurisdiction in the country. Returning to ways in which foreign governments are using our technology against us, David Kris tells the story of the Zoom executive who used pretextual violations of terms of service to take down speech the Chinese government didn't like, censoring American efforts to hold a Tiananmen memorial. The good news: He was indicted by the Justice Department. The bad news: I can't help suspecting that China learned this trick from lefty ideologues in Silicon Valley. Aaand, right on cue, it turns out that China's been accused of using its 50-cent army to file complaints of racism and video game violence to get YouTube to demonetize Americans using the platform to criticize China's government. Then Bruce points us toward a deep and troubling series of Zach Dorfman articles about how effectively China is using technology to vault over US intelligence agencies in the global spying competition. And in quick succession, David Kris explains what's new and what's not in Israel's view of international law and cyberconflict. I note that President Trump's NDAA veto has been overridden, making the cyberczar and DHS's CISA the biggest winners in the cyber policy arena. Bruce and I give a lick and a promise to the FinCen proposed rule regulating cryptocurrency. We're both inclined to think more reregulation is worth pursuing, but we agree it's too late for this administration to get anything on the books. David Kris notes that Twitter has been fined around $550,000 over a data breach filing that was a few days late – by the Irish data protection office, in a GDPR ruling that is a few years late. Apple has lost its bullying copyright battle against security start-up Corellium but the real risk to Corellium may be in the as-yet unresolved claim for violation of the DMCA. And Trump's DHS is leaving office with new warnings about the cyber risks of Chinese technology, this time touching on backdoors in TCL smart TVs and spillage from Chinese data services. And more. Download Episode 343 (mp3) You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.
COVID-19 vaccinations have begun in the U.S., with a New York City nurse on Monday becoming the first recipient outside of clinical trial participants. But some Americans remain skeptical, in part due to perceived political influence. Dan discusses the process, politics and science of COVID-19 vaccinations with Margaret Hamburg, who led the FDA between 2009 and 2015. Plus, Axios Codebook author Zach Dorfman joins to discuss the cybersecurity hack that has impacted both the U.S. Treasury and Commerce departments. Learn more about your ad choices. Visit megaphone.fm/adchoices
An FDA advisory committee has recommended authorization of the Pfizer vaccine and it will soon start making its way through the U.S., but some of the biggest hurdles still to overcome are mistrust in both the government and vaccines themselves. Polls are showing that many still do not want to take the vaccine as soon as it is available. This is especially evident in communities of color who are disproportionately affected by the coronavirus. We need about 70-75% of people to get vaccinated so that we can get on the road back to normal. Ian Duncan, reporter at the Washington Post, joins us for why many are taking the wait-and-see approach with the Covid vaccine. Next, a story about a Chinese spy targeting California politicians. Between 2011 and 2015 a Chinese intelligence operative named Christina Fang, developed extensive ties with local and national politicians including CA Congressman Eric Swalwell. It is not believed that Fang passed along any classified information to the Chinese government, but she did get very close to political power through campaign fundraising, extensive networking, and romantic or sexual relationships with at least two Midwestern mayors. Zach Dorfman, senior staff writer at the Aspen Institute and author of the Axios Codebook Newsletter, joins us for how this Chinese spy operated and was rooted out. Learn more about your ad-choices at https://www.iheartpodcastnetwork.com
For over a year, Axios has been investigating a suspected Chinese intelligence operative who cultivated extensive ties with local and national U.S. politicians, including a sitting congressman. Today, we present a special episode: the story of the alleged intelligence operation, which offers a rare glimpse into the lengths Beijing will go to access U.S. political circles. Guests: Axios' Bethany Allen-Ebrahimian, Axios Codebook author Zach Dorfman of the Aspen Institute, former Cupertino, CA mayor Gilbert Wong, former CIA intelligence official Rodney Faraon and Alameda County chief-of-staff Shawn Wilson. Credits: This story was edited by Alison Snyder, Scott Rosenberg and Sara Goo. This special podcast episode was produced by Dan Bobkoff and Carol Wu and mixed by Alex Sugiura. Special thanks to Mike Allen, Qian Gao and Naomi Shavin. Go deeper: Exclusive: Suspected Chinese spy targeted California politicians Learn more about your ad choices. Visit megaphone.fm/adchoices