Are You Getting Dragged Into Dealing With Cybersecurity?

Craig Peterson: You probably know I've been doing cybersecurity now for 30 years in the online world. Yeah, that long. I'm afraid I have some confessions to make about our relationships here, cybersecurity people, and employees.

I got pulled into this whole business of cybersecurity quite literally, kicking and screaming. I had already been involved in the development of the internet and internet protocols for a decade before. In fact, one of the contracts that I had was with a major manufacturer of computer systems.

[00:00:39]What I did there was design for Unix systems a way to check for malware and manage them remotely. Yes, indeed, I made one of the first RMM systems, as we call them nowadays. We also tied that RMM system, of course, into Windows and a few other operating systems. Unix was where I was working at the time.

[00:01:05] I am what they called an OG in the industry. My gosh, my first job with computer networks was back in 75. Believe it or not, a long time ago. Back then, of course, it was mainframe to mainframe basically and some of the basic protocols, the RJE, and stuff. I know I've got many older people who are listening saying, yeah, I remember that. It brings back memories.

[00:01:32] In fact, I got a note just this week from a listener who was saying his first computer was a Sinclair. Do you remember those things? Oh my gosh. It brought back so many memories for us older guys. But it was just such a great little device with the keys and much different than I'd ever seen before. The XZ81. I just looked it up online so I can remember what the model number was. Timex made that. Suppose you can believe that too. It's just. Wow. It had a Z 80 CPU, which of course, was like an 8080, which was Intel's big chip at the time, running at 3.25 megahertz. Yes, indeed. Very cool. I love that computer anyways. I digress.

[00:02:22]The whole industry at the time was non-existent, yeah. You had antivirus software. We started seeing that in the eighties. We had some terrible operating systems that many people were running like Windows, just absolutely horrific.

[00:02:40] Remember windows three-point 11 and XP and millennial edition just some of the most terrible software ever. That's what happens when you have interns? A lot of the code came out in one of the lawsuits for one of these versions of Windows.

[00:02:55]It was a different world, and I had to figure out what was going on because I had some servers that were Unix servers. This was the early nineties, and I hosted email for companies and websites and filtered things with some precursor to SpamAssassin. It was really something. I had some DECservers, Digital Equipment Corporation. Remember those guys, and suddenly, customers started calling me because the email wasn't working. It turned out it was working, but it was extremely slow, and I had to figure out why.

[00:03:37]I telneted to my server. I got on, started poking around the servers.

[00:03:43] I had a computer room and the first floor of the building I owned, and I was on the second floor. So off we go looking around, trying to figure out what is going on. It was me, actually. I said we, but it was really me. Cause I knew the most about this stuff.

[00:03:59] These processes just continued to fork, and I was trying to figure out why it is creating all these new processes. What's going on? What has happened here? Back then, The internet was a much different place. We trusted everybody. We had fun online. We would spam people who broke our almost unwritten internet rules about being kind to other people. What spam was, where the whole term comes from is you would send the script from Monty Python spam and eggs, spam and ham spam, spam, spam routine.

[00:04:37]You send it to somebody that was breaking these unwritten rules, like trying to sell something on the internet. Absolutely verboten. What a change to today.

[00:04:48]I saw some of this stuff going on. I was trying to figure out what it was, but we trusted everybody. So my mail server, which was Sendmail, at the time. We still maintain some instances of Sendmail for customers that need that.

[00:05:04] Nowadays. It's usually more something like postfix in the backend. You might have Zimbra or something out front, but postfix in the backend. We allowed anybody on the internet to get on to our mail server and fix some configuration problems. They didn't have full access to everything. Firewalls weren't, then, what they are today.

[00:05:29] In fact, one of our engineers just had to run out to a client who did something we told them not to do. They were using the SonicWall firewall on their network, as well as they had our stuff. So we had an excellent Cisco firepower firewall sitting there. So then they have this SonicWall so that they're people, remotely could connect to the SonicWall firewall because it's good enough. SonicWall says it's compliant. So the SonicWall firewall was being used to scan the network and load stuff. Does that sound familiar? Much to our chagrin.

[00:06:08] So he had to run out and take care of that today. It sounds like we might have to do a rip and replace over there restore from backups. You have no idea what these bad guys might've done. We've seen Chinese into these networks before, Chinese malware. It's not been very good.

[00:06:23]Boy, am I wandering all over the place?

[00:06:24]Back to this, we would allow people to get onto our network to fix things. If something was wrong, if we were misconfigured, they could help us and get on and do it because the Sendmail configuration was not for the faint-hearted.

[00:06:42]In the days before Google, right? Eventually, we had Archie and Veronica, and Jughead. They did basic searches across FTP servers. That's my kicking and screaming story.

[00:06:56]I was trying to run a business where we hosted email for companies, which we still do to this day, and where we had some, back then we didn't have websites. The web didn't come in into play until a couple of years later, but we did host FTP sites for businesses so that they could share files back and forth.

[00:07:22]That's what I wanted to do. That was my business.

[00:07:26] Later on, I ended up helping 80% of my clients find the other web hosts after these $8 Gator hosting things. We just got a call on that this week. Somebody who'd been a client of ours 20 years ago went with a guy that charges $5 a month for web hosting. They have personally identifiable information on that site if you can believe it. He was complaining because it wasn't working. He was getting a C-panel error anytime he went to the site. We said, Hey, listen, this problem is the guy that you're hosting from. We did a little research, and we checked the IP address and how many sites we're at that IP address. This guy that was charging them $5 a month had 150 different websites at that one IP address. Now that's not bad. He hosted all of these 150 at a site that charges the eight to $10 a month for Webhosting.  

[00:08:29] He had all of these sites on top of a server that already split up hundreds of ways. It's just amazing what people do.

[00:08:38]Man alive. 

We got rid of 80% of those customers, the ones that wanted cheap, that's fine, get greedy, and see what happens to you. But, some of them still maintain a good relationship with us, so we help them out from time to time, right?

[00:08:52] What am I going to do? So somebody calls me, I gotta help them. That's precisely what we do now with this malware problem.

[00:09:01] What's going on here? We talked already about the Great Suspender and how Google has said, Hey, this now has malware in it, so we're removing it from your web browsers. That, to me, makes a ton of sense. Why not do that?

[00:09:18]This is another example of what happened with SolarWinds. This is an example of a supply chain infection. What happened with that? Somebody bought Great Suspender from the developer and then added this basic malware to the Great Suspender. Just it's a terrible thing. Very surprising, but one of the most significant exploits used by the bad guys right now is the security team's poor relationship with other employees within the organization.

[00:09:56]What's going on, and it goes back to this customer that we just had to run out to.

[00:10:01] Why did they do what we told them not to do?