Did You Hear About the Latest Rip-Off? Non-Fungible Tokens! How Law Enforcement Tracks Bitcoin!
Release Date: 04/22/2022
Craig Peterson - America's Leading CyberSecurity Strategist
Did You Hear About the Latest Rip-Off? Non-Fungible Tokens (NFTs) Are Already Losing Steam!
[10:54] How Law Enforcement Tracks Bitcoin! It is Absolutely NOT Anonymous
[20:05] The FBI Is Actively Removing Malware From Private Machines -- Without The Owner's Permission
[29:10] Why and When You Shouldn't Trust QR Codes
[41:08] Cybercrime in Russia Tracked to a Single Office Building in Moscow!
[52:29] The Newest Phishing Scams
[01:01:32] Using Wordpress? How Supply Chain Attacks are Hurting Your Business Website
[01:10:43] Cybersecurity Tools You Should Be Using!
Jam packed today. We're going to start with non fungible tokens. If you don't know what those are, this is a very big deal because so many people are investing in them right now. Are they really investments? I've got a bit of a blow back here. Most people think that Bitcoin is anonymous. We're going to talk about how it absolutely is not.
[00:00:20] We're going to talk about anonymous. In fact, the Russians, Microsoft, what they're doing against the Russians and this little comedic thing about cars.
[00:00:28] NFTs are very big deal.
[00:00:31] I'm going to pull up here on my screen right now. This is a picture of Mr. Jack Dorsey. We'll go full screen, an article from a website called CoinDesk. CoinDesk is one of these sites that really tries to track what's happening out there in the Bitcoin community. Of course, nowadays it's much more than Bitcoin.
[00:00:53] Isn't it? We're talking about all kinds of. Different currencies that have a blockchain backend. They're called cryptocurrencies basically. But the big one was of course, Bitcoin. And there is a whole concept. Now, when we're talking about things like cryptocurrencies and these non fungible tokens. People have been investing them in them.
[00:01:19] Like crazy people are making millions of dollars every week. Now, remember, I am not an investment advisor and particularly I'm not your investment advisor. So take all the. To your investment advisor. I'm not telling you to buy them. I am telling you to be cautious here though, because these non fungible tokens are designed to give you the ability to be able to just, own something in the digital world.
[00:01:48] What might you own in the digital world? We've had a lot of different stuff. We've seen some just crazy monkey things. Have you seen those? These little pictures of monkeys are. Graphic designed and it's all animated. If you will. It's like cartoons and people pay money for them. One of the things that people paid money for was the rights to the first tweet ever on Twitter.
[00:02:16] So that's what you're getting. When we're talking about an NFT on a non fungible transaction, it is now yours. So this particular NFT we're talking about was of our friend here, Jack Dorsey. We'll pull it up again, this article, and he had a tweet that was sold last year for $48 million. That is a lot of money.
[00:02:43] So people look at this as an investment, but it's not the same as hanging art on the wall. You've got a Picasso that has some intrinsic value. It's a painting. It has all the oil paint on that, it was designed by and painted by a crazy man years ago. And you can take that Picasso and you can.
[00:03:07] Turn it around and sell it. It has some real value. If you own the rights to something, let's say it's one of these monkey pictures. It reminds me of a postage stamp and you paid real money for it. Some of these things are going, as I said, for over a million dollars and this Jack Dorsey first tweet went for $48 million.
[00:03:27] So let's say that's what you did, right? You bought this thing for $48 million. Really? What do you have? Because anybody can go online and look at that tweet. Anybody can print it up and stick it on a wall. Anybody can go out and get that picture of the monkeys right there. The guy drew, and you can look at it.
[00:03:51] In fact, I can pull it up right now, if you want to do. But people paid real money for that. So they've got what really? What do they have? You can't take it off the wall, like your Picasso, and sell it, right? Or Banksy, if you're into the more modern art, it's just not. What is doable? How do you make this work?
[00:04:12] Only the NFT only gives you bragging rights in reality. That's what it does. You have bragging rights because you could take that digital picture and make a hundred quadrillion copies. Yeah, you'd still own the NFT you would still have in the blockchain for whatever NFT company you're using the rights to it.
[00:04:37] They would say this, you owned it. So let's talk about the blockchain behind it. There are a lot of companies that are trying to give you that. Okay. All right. I get it. Yeah, I get to to own it. But who's running the blockchain behind it. Who's validating that you own it with Bitcoin and many of these other blockchain currencies that are out there.
[00:05:04] There are various. Companies and individuals who are registered, who have all of the paperwork, if you will saying who owns, how much of what, and who paid, who and everything. And that by the way, is why it takes so long for some of these Bitcoin and other transactions to occur. But how about the NFT? There are tons of companies out there that say they will certify the NFT.
[00:05:34] So it gets to be a real problem. And when we get into this Jack Dorsey tweet and this article about it, which I will, let me pull it up again here for you guys. This guy, Sina Estavi, bought the very first tweet ever from Twitter founder Jack Dorsey for $2.9 million last year. And he decided that he wanted to sell it.
[00:06:03] So he listed it for sale again at $48 million last week. Real. He put it up for open bid, and this article in CoinDesk is talking about that. And you can see that if you're watching me on Rumble or YouTube, I'm showing you my screen here right now. But this Iranian-born crypto entrepreneur named, again,
[00:06:28] Estavi purchased it for $2.9 million in March 2021. Last Thursday, he announced on Twitter, where else, that he wanted to sell this NFT. And he said, Hey, listen, I'm going to put 50% of the proceeds to charity. The auction closed, this was an open auction. People could go and bid on it, and the auction closed.
[00:06:55] With an offer of basically $288, $277 at current prices when this article was written, $277, and the lowest bid was $6. And as I recall, this is not in this article, but there were only a handful of bids. Like when I say handful, I mean a half a dozen bids. Crazy. This is a real problem because the deadline is over.
[00:07:27] He paid how much for it, right? How much did he pay? Pull that up again. $2.9 million last year. And his highest bid was in the neighborhood of $280. Isn't that crazy. So did he get money on this? Did he win money on this? I don't know. I'm looking at those saying is it worth it to buy something like that?
[00:07:54] That you might think, oh, the very first apple computer, an apple. While that's going to be worth some serious money. Yeah, it is. It's something, you can grab onto, you can hold onto it, it's something and you can sell it. You can trade it. You can take a picture of it. You can't make digital copies of it.
[00:08:15] You, you, it's a physical thing. That's worth something. Same thing with that Picasso on the wall, it's really worth something that has some basic intrinsic value. Jack's true tweet. The very first tweet. How much is that thing worth? It's basically nothing. So the tweet is showing, I'll pull it up on the screen again, that he's selling: @jack, 2006-03-21 at 8:50:14 PM.
[00:08:46] Just setting up my Twitter. So there you go. There's Jack's very first tweet. And it's absolutely amazing. Is it worth it? Let me pull up some other stuff here for you guys. I'm going to pull this up, here is Coinbase launching an NFT marketplace in hopes of appealing to crypto and mainstream users. So here's some examples from a man and FTEs.
[00:09:11] I'm going to zoom in on this for those of you guys watching on Rumble or on Twitter. All right. Mean. Yeah, actually you can see it on Twitter too, but YouTube, here you go. Here's some NFTs, it's artwork and it's a creature. So you can buy creature number 7806 right now for six ETH. So let me see.
[00:09:34] Value of six Ethereum is what, Ethereum to US dollars. So for 3000 and $84, as of right now, you can get a crappy picture that even I could have drawn, okay. Of this guy, and look at all of the work this artist has put in. There's how many of these up here? 1, 2, 3, 4, or five, 10 of them. And it's the same head.
[00:10:03] Each time it looks like this almost the same eyes. He changes colors and he's got different background. It's absolutely not. So that's what they're trying to do right now, trying to sell these NFT. So who's going to buy that. Who's going to pay $3,000 for artwork that hunter Biden could have done with a straw.
[00:10:25] Anchored around. Here's another one. This is from ledger insights. NBA's launching dynamic NFTs for fans, baseball cards for the NBA that are basically just worthless. They're NF. Non fungible tokens. It has taken the crypto world by storm and people are losing millions as you look, but it really is changing the e-commerce world.
[00:10:54] Bitcoin blockchain. All of the rage, a lot of people are talking about it, but I got to say most people who are talking. I don't know much about it. And when it comes to anonymity, Bitcoin is probably the worst thing you could possibly do. It's amazing.
[00:11:12] There are a lot of misconceptions out there when it comes to technology, you have almost any kind of technology and blockchain and Bitcoin are examples of a very misunderstood technology.
[00:11:25] Now I'm not talking about how does it work? How are these ledgers maintained? How does this whole mining thing work? Why has China banned it? Why are a lot of countries going away from it, one country. Now the dictator said, yeah, we're going to use Bitcoin as our official currency. In addition to the US dollar, what's going on.
[00:11:48] It is complicated behind the scenes. It's complicated to use. Although there are some entrepreneurs that have made some great strides there. I saw a documentary on what has been happening in that one country. I mentioned. They are able to pay in us dollars using Bitcoin. So they'll go up to a vendor on the street.
[00:12:13] Quite literally they'll have their smartphone with them. The vendor has their smartphone. They type in 15 cents for the taco and a hit send. It goes to the other person and they have 15 cents worth of Bitcoin. By the way, these types of micro-transactions with the way Bitcoin is structured behind the scenes, make things even less manageable in the Bitcoin world than they have been in the past.
[00:12:40] And that's why in case you didn't know, Bitcoin is making some major changes here fairly soon. They've got to change the way all of this ledger stuff works because it takes too long. To record and authorized transactions. And these ledgers just get way too long when it comes to all of these kinds of microtransaction.
[00:13:04] So there's stuff going on, Bitcoin, there, there are many of these types of currencies out there. Ethereum's one. You've heard about Dogecoin because of course that's what Elon Musk has been talking about, and many others, and they're all different somewhat, but the main concepts are the same. One of the big concepts, I'm going to pull an article up here on the screen for those watching on YouTube or also on Rumble.
[00:13:30] But this is an article from our friends at Wired magazine. And now you have subscribed to Wired for many years. This particular one is about what Wired is calling the crypto trap. Now that's a very big deal. It is a trap, and it's a trap in a lot of different ways. And that's what we're going to talk about right now.
[00:13:56] Crypto is not what its name implies. A lot of people look at it and say, oh, crypto, that's cryptography. That's like the German Enigma machine in World War II and all of this new, great crypto that we have nowadays. And there are some pretty amazing new cryptographic technologies that we've been using, but no, that's not.
[00:14:17] What's really going on. You see, the basic premise behind all of these technologies is the concept of having a wallet. And this wallet has a unique identifier. It has a number assigned to it. So if I'm sending money to you, I'm going to have your wallet ID, your wallet number, and I'm going to now send you some amount of, a fraction, most likely, of a cryptocurrency, and certainly if it's Bitcoin, it's almost certainly a fraction.
[00:14:49] And so I'm going to send you $100 worth of, let's say. What ends up happening now is these ledgers, which are public, are all going to record that Craig sent you a hundred dollars worth of Bitcoin. Of course, it's going to be in a fraction of a Bitcoin. So sometimes there's rounding errors, it's not going to be really exactly a hundred dollars.
[00:15:12] Plus there's the amazing amount of volatility in the cyber currencies. So even though I meant just sending a hundred dollars, it might end up being 110 if it goes up. It might be 90 if it goes down. You get that. You don't understand how that works. So the problem now is I have sent you a hundred dollars.
[00:15:33] And public ledgers that anyone can gain access to now say wallet number 1234 sent a hundred dollars to wallet number 5678. Obviously the wallet addresses are a lot longer than that. So then it's fine. And there's a degree of anonymity there, it's really called pseudo-anonymity, because in reality it's not completely anonymous, because people know the transaction occurred and they know the wallet numbers.
[00:16:03] Correct. It's like a bank account, and if I'm putting money into your bank account, that bank account number knows that the money came from a check that I wrote. Can you imagine that someone writing a check and that check I had a number on it, a bank account number, right? So it can all be tracked while much.
[00:16:19] The same thing is true when it comes to cryptocurrencies, these cryptocurrencies are in public ledgers and those public ledgers can be used with a little bit of work to figure out. Who you are. So this article here from our friends at wired gets really hairy. And it might be of interest to you to read, but this is talking about a take-down that happened, and this is a massive take down.
[00:16:51] This take down was of a whole group of people who were involved in some really nasty stuff. In this particular case, what it was kitty. Just a terrible thing and the abuse surrounding it. So this logical goes into not a lot of detail. I'm not going to read it because here on the air, because I don't want to upset too many people.
[00:17:15] Cause it's some of the details of this evening to think about them are incredible. But. This the police broke into this middle-class suburb home in the outskirts of Atlanta. And he there was Homeland security. It was a guy from the IRS and they came in, they took all of their electronic devices.
[00:17:38] They separated the family, putting the father, who is an assistant principal at the local high school, assistant principal. And he was the target of this investigation. So they had him in one room, they had his wife in another room, and they put the two kids into a third room, and they started questioning him.
[00:18:00] Now, this is part of a takedown of a, as I said, a whole ring of these people, including this assistant principal at a school. Can you believe that? So this IRS guy had flown in from Washington DC to have a look over what was going on, but this agent from the IRS and his partner whose name is, let's see, his name was Jenn S Scouts.
[00:18:26] I probably got that wrong. And Tigran Gambaryan, Gambaryan, and they had a small group of investigators, and they were at a whole bunch of different federal agencies, not just the IRS. What once seemed to be untraceable was no longer untraceable. Now I've talked on this show before about a lecture I went to by the Secret Service about how they had tracked down and shut down the world's largest website that was being used to sell illegal materials online.
[00:19:01] And it's fascinating what they did. But frankly, they're calling this particular bust a proof of concept, and that's why the IRS was in on this as well, but it was huge. Here's a quote from the IRS agent in this Wired magazine article. He's saying he remembers how the gravity of this whole thing.
[00:19:21] Let me pull this up on the screen too. So you can read along here, but this was a high school administrator, a husband, and a father of two. Whether he was guilty or innocent, the accusations this team of law enforcement agents were leveling against him, their mere presence in the home, would almost certainly ruin his life.
[00:19:44] And he, as well as these other people were counting on anonymity from Bitcoin. Now, obviously I'm glad they got taken down, but listen, folks, if you think that it's safe, that it's anonymous, it ain't Bitcoin just ain't there. Craig peterson.com stick around.
[00:20:05] I've been blamed for really complaining about people not updating their software. And that includes things like firewalls. The FBI has stepped in and they are going ahead and doing updates for you.
[00:20:21] What should we be doing as a country?
[00:20:26] People are. Updating their software. They're not updating their hardware. And particularly our hardware, take a look at what's been happening with the firewalls and the firewall concerns. Everybody has some sort of firewall, well, almost everybody, but enough people that we can say everybody has a firewall. You get your internet from, you name it.
[00:20:50] And because of the fact they're using something called NAT, network address translation, they've got some sort of firewall in front of you. So for instance, you've got your phone, right? You're using your phone and it's got internet on it. You're going through whoever your carrier is. And that carrier is giving you internet access, right?
[00:21:14] They don't have enough IP addresses, particularly IPv4, in order for you to get your very own unique little address out on the. No they do. When it comes to V6, things are a little bit different, but your device is not completely exposed on the internet. Windows comes with a firewall. And by default, the Windows firewall is turned on.
[00:21:35] Now this gets more than a little concerning because that firewall that's turned on. Isn't really doing anything because I've got a firewall turned on and yet every service is accessible from outside, which is defeating the purpose of the firewall. Again, it's a complaint I've had about Microsoft now for.
[00:21:55] Decades, which is they have features that are just check boxes. Yes. Yes. It's got a firewall. Yeah, it's turned on, but the features don't work. So having a firewall and having everything open defeats the purpose of a firewall. Macs do not have a firewall turned on by default, but they do have their services disabled.
[00:22:18] Which is just as effective if not more effective. So one of the things we advise people to do is go into your windows system, into the firewalls and your security settings, and turn off any services that you're not using. If you're not sharing file systems, then turn that off. In other words, You're mounting the G drive or whatever you might call it from another computer, then you don't need it.
[00:22:44] If you're not a server for what's called SMB, then you don't need to share it. So turn off everything that you don't need. What's going to happen is one of your programs isn't going to work, right? And the, what you did last year, you're going to turn it back on, and you can do a lot of research online to find out what they are.
[00:23:04] We have over 200 settings that we change in windows. When we get a customer. Now on the Mac side, you can turn it on. I liked turning it on. I liked turning off the ability to see my machine. So in other words, the ability to be able to. So I turned it on and I enable specific services. And again, you can do some research on that.
[00:23:30] I've got an improving windows security course that people have taken, and we should probably do that again, if not just have some free webinars on how to do this. So you guys can learn how to do it, but not that hard to do. Anyhow, bottom line is. People aren't updating their computers, even the Macs and windows.
[00:23:51] We have a client that would just started a new client and we're tightening things up and we've been finding Mac computers that are major multiple major revisions behind. And that to me is shocking. Apple Macs are just so easy to update. It is extremely rare that an apple update will make your computer break unlike in the windows world, where it's pretty common.
[00:24:17] So windows guys, I can understand, but your even more exposed, your bigger target, you need to keep up to date. So how about all of the other equipment that we. I've had warnings again and again, with you guys about what's happening with our smart devices that are out there, right? Our security cameras we have up in the corner, right?
[00:24:41] We have these smart thermostats, people are using the list goes on and on of all of this equipment that we're using that is exposing us because when was the last time you have. How about the firmware in your router or your wifi, right? Some of the devices that I recommend to people, and if you have any questions, just email me and [email protected]
[00:25:05] I can give you recommendations, even if you're a home user. Although my business obviously is working with businesses on what kind of wifi to buy, what you should get, what you should do. I don't charge for any of that stuff. Okay. You get it. But you have to ask. [email protected] So you get this information and you go ahead and you buy whatever it is, but you don't keep it up to date, which is why I tend to only recommend stuff that automatically updates.
[00:25:33] But that also means every few years you're going to have to replace it, because unless you're using the good Cisco equipment where you can get a seven year life out of it, you're not going to find that in consumer grade. So what's happened here. I'm going to pull this up on my screen for people watching this on YouTube or on Rumble.
[00:25:52] But here is a thing that came straight out of our friends here from the FBI. This is from CSO. This is a magazine that I do follow. But they're talking about what they call Cyclops Blink. So the article says for the second time in a year, the FBI has used search and seizure warrant to clean malware from devices owned by private businesses and users without their explicit approval.
[00:26:25] The FBI used this approach to disrupt a botnet, believed to be the creation of Russian government hackers. So they're calling this Cyclops Blink, malware discovered earlier this year. So here's the problem. What do you do if you're the federal government, how do you try and keep your country safe?
[00:26:51] Now we know. We've got these military contractors. They make missiles that take out missiles, right? The provide defensive systems. You've heard of iron dome from years ago, all the way through all of the current stuff. That's what they do, but what do they do? What can they do when there's a botnet? A botnet is where there are multiple computers in this case, probably tens of thousands of computers located in the United States that are acting like sleeper.
[00:27:21] They sit there and they wait for commands as to what they should do. Should they try and attack a machine? Should they try and spread more? Malware, what should they be doing? And the, these things are vicious. They are absolutely nasty. And in this case, we're looking at Russian malware. So Russia effectively like the Americans.
[00:27:44] You might remember that TV show. It was great show, but that. Computers that are owned by you and me and our businesses and government agencies that are under the control of the Russians. Now you don't even know it. You're using your computer. You're playing games. You're going to Facebook, whatever it is you do on your computer.
[00:28:06] Your computer is under command and control of the Russians. So the FBI goes to a court and says, Hey, we've got to go ahead and shut this down. We need a warrant. They get the warrant and the search and seizure warrant lets them now get on to these machines that are part of the botnet or the controlling machines for the botnet, and either remove the malware or go ahead and take control of the botnet themselves.
[00:28:34] So it can't be used. And by the way, our friends at Microsoft they've gotten involved in this too, which is really frankly, cool in shutting down some of these botnets, Hey, I want to encourage everyone. Take a couple of minutes, go to CraigPeterson.com/subscribe. That's Craig Peterson. C R A I G P E T E R S O N.
[00:28:57] And subscribe, and I'll be sending you a special report on passwords. Plus two more. I send out the most popular special reports that anybody has ever asked for.
[00:29:10] Hey, I've got a little bit more to discuss on what's happening with Russia and Microsoft and more, but I'm also going to talk about QR codes. There is a great explanation. That's in your newsletter from Monday about why you shouldn't trust 'em.
[00:29:26] Let's finish up this Russian thing. And then we're going to get into why you cannot trust QR codes and a brand new way.
[00:29:36] The bad guys are using QR codes to really mess with us. Now, if you're watching over on either YouTube or on Rumble, you'll see this. Let me pull up my screen for you. But here we go. Okay. This is very interesting. In the last segment, we talked a little bit about what our friends over at the FBI had been doing, which is they have been removing malware from people's computers because people haven't been keeping their computers up-to-date, right?
[00:30:11] Part of the botnets. So we explained. The FBI isn't the only one out there trying to stop these Russians and the hackers. Anonymous has been very big at it. In fact, let me pull up this other article. This is from Security Affairs. And here we go. And it's talking about this whole army of these Anonymous hackers.
[00:30:35] Now Anonymous has been a nightmare for many businesses that they didn't like. Anonymous will go ahead and they'll do usually pretty basic stuff. They'll do denial of service attacks and some other things, so they don't like you because of the Don't Say Gay bill in Florida, and, without bothering to do any research, they'll just start attacking organizations that support it, or organizations that don't support it depending on how they want to do it. So this is an interesting article here, because it's talking about these various websites that they've hacked. Now, some of them are government sites and some of them are private industries. Now, one of the cool things, bad things about hacking private industry and releasing the emails is now the competitors to these businesses know what they're doing.
[00:31:31] And in some cases there's proprietary technology that's being released. Now, when it comes to Russian proprietary technology, the Western world doesn't care a whole lot about some of it, but here's some examples of what these hacktivists have gotten. This is a company called Forest: 37,000 emails stolen from the company, a Russian logging and wood manufacturing firm.
[00:31:55] Again, it would give a little bit of an idea into the whole Russian, what are they doing? In the forest industry. This one, I think, is a little more concerning for the Russians: Aero gas. This is an engineering company that focuses in the oil and gas industry. Their clients include a whole bunch of Russian companies.
[00:32:15] They've leaked approximately 100,000 emails from Aero gas. That is a huge deal because so much of the country's revenue, the number one industry in Russia is oil and gas. Petro Fort, one of the largest office space and business centers in St. Petersburg, the hackers have leaked approximately 300,000 emails from Petro Fort.
[00:32:41] Again, you can use that to find out what's happening in your economy. What. Doing how are businesses doing? Are they going to go under so you can see some tweets here. I've got them up on my screen on YouTube and Rumble. Anonymous, what they're saying that they've done, and you can follow Anonymous directly on Twitter.
[00:32:59] Particularly fond of them. They've done a lot of things that I disagree with. This is really telling us about a whole new approach to warfare, right back in the day, you and I couldn't get involved, we could potentially take up arms and go and fight right there and think about the Spanish American war.
[00:33:18] Think about what's happening now in Ukraine, where Americans have just gone over there. Taken up firearms in order to help them defend Ukraine. People who are maybe of Ukrainian descent, maybe not right. We have never seen this type of involvement by average citizens because anonymous is not like some big fancy company or government agency anonymous is a bunch of people who are trying to be anonymous and do something.
[00:33:50] So they stole 145 gigabytes. Look at this. It's just crazy. So he. The anonymous Twitter thread itself, right? Talking about what. It's absolutely incredible. Incredible. So that's what anonymous is up to. They are hacking Russia and they're hacking Russia in a big way. Now, next stop. We have our friends at Microsoft.
[00:34:15] Microsoft has been seizing Russian domains that they are accusing of having been linked to these Russian hackers that have been going after think tanks and government agencies in the U.S. and the EU, I shouldn't say, which I'm sure includes the UK cause UK has gotten involved. So this article from The Verge is talking about how Microsoft has seized seven domains belonging to Fancy Bear, APT28, which is, we've seen them active in a number of companies here, right in the Northeast United States.
[00:34:57] These companies who are trying to provide materials, software, hardware for government contracts, right? So they're not even direct government contractors for the feds. They are just subcontractors. And then we've seen Fancy Bear in there. We've seen the Chinese in these companies. It's incredible.
[00:35:19] They have no idea that all of their intellectual property is being stolen, which is why the federal government has started cracking down on contractors and subcontractors and the, this whole paragraph 7012 thing. We're getting geeky here, but companies that have to protect even unclassified information, confidential, classified, and they haven't been. So Microsoft
[00:35:46] Obtained a court order. You can see this on my screen, over at YouTube and at rumble to take control of each domain on April six, that then started redirecting them to a sinkhole. So what they do is they take control of the DNS for the domain. So the root name servers, now, point to a Microsoft name server, and then send them to a sinkhole.
[00:36:09] A sinkhole is basically nowhere you go there. There's nothing on the site, right? Or in this case also servers used by cybersecurity experts to capture and analyze malicious connections. And they'll do this. Oftentimes, when we're talking about these botnets, like we talked about a little earlier today, so apparently they're trying to establish long-term access to the system.
[00:36:33] So the targets, what did we just talk about? Long-term access. Botnet, right? That's what botnets are. So Microsoft has gotten involved. They've been doing this now for a little while. It's obviously not their normal business model, but it is something that they've been doing. They were also, by the way, the Fancy Bear linked to these cyber attacks on the DNC in 2016.
[00:36:57] And they also targeted the U.S. election in 2020, which is why, part of the reason why anyways, don't use electronic equipment for our elections, have paper ballots, have people count those ballots. Yes, it takes longer. You can't have the instant thing on TV, which is why all of these news services, they all don't do that.
[00:37:18] That's ridiculous. But it's the only thing we can guarantee that these guys, like I got it up on the screen again, Fancy Bear, the Chinese, et cetera. It's the only way they can get in. And if we were doing paper ballots and we had bipartisan people counting the ballots and independents counting the ballots, observing this, we wouldn't have all of these problems that we had with the last election where people were saying it was stolen.
[00:37:48] It was hacked. How do we know it was stolen? How do we know it? Wasn't stolen? How, go back to paper ballots, get rid of the scanning machines and particularly get rid of these electronic voting machines where you touch the screen to cast your vote. Those things are ridiculous. What if there's a software bug in it?
[00:38:06] How can you go back and change the vote? People that complained about it again, and wait a minute. I voted for this guy and you had to record my vote for the other guy. It's ridiculous. Anyways. Back to QR codes. Okay. I'm going to pull this up on this screen because I think this is a cool article here.
[00:38:25] This is from a, actually a site over in India. It's called scroll.in, and they're talking in here about how hazardous it can be. To use QR codes. Now they're not saying don't use QR codes, we've all had to use them. I've got up on my screen, this picture of being at a table. And you scan the QR code in order to get the menu.
[00:38:48] In order to order, I did that. I was in Vermont and we were riding motorcycles or buddy, and I go into the little tiny. Restaurant, small restaurant and I had a half a dozen tables and they didn't have menus. You scanned it, the QR code that was there on the table and you placed your order. And off it goes a lot of places they've been doing that with menus.
[00:39:11] You've seen that more and more saves them money as well and lets them change their prices more frequently. Yeah. Thanks for that inflation guys. Why shouldn't you use these QR codes? Why should you be extra careful? Here's the answer. QR codes are the URL of a webpage. That's the bottom line. Would you click a random URL that came in an email?
[00:39:37] Would you click on a random URL in an ad or on a web page? We certainly know better than to click URLs in our email. But that's exactly what the QR code is. And on top of it, the URL in a QR code tends to be what we call a shortened URL. So it might be Bitly, so it might be bit.ly/ and then some random characters.
[00:40:04] How do you know where it's going to take you? You don't. All you know is it's going to take you to Bitly, but that Bitly URL could be sending you to a malicious site. And now your phone could be hacked. It could be using your phone for Bitcoin mining for who knows what. So be very careful and the bad guys are using these in a different way that you might not have seen before, which is they are embedding QR code graphics
[00:40:34] into emails. And they're thinking that people are going to hold up their phone to the email and what are they going to do? They're going to scan the QR code that was in their email. And now they're in trouble. Yeah, that's simple. Hey, visit me online. CraigPeterson.com. Make sure you sign up for my newsletter.
[00:40:53] CraigPeterson.com/subscribe. Of course, Craig Peterson, S-O-N dot com. And I'm going to send you top three special reports, absolutely free. We got to take care of these bad guys.
[00:41:08] This is a big deal, quite literally a big deal. Russian malware. We have been able to track it down now, track it down to a single site. Yeah. All of these bad guys are in one building in Moscow.
[00:41:25] Hi everybody. Of course, you're listening to Craig Peterson. Thanks for taking a little bit out of your day today. As we continue to really talk about the stuff that's most important in the world, and there could be nothing more important, I think, than some of our cyber security, our lives, our fortunes, et cetera.
[00:41:44] Last year we have to pay attention to well, This is a very big story and it's a bit of a scary one as well. We've had a lot of ransomware over the years and a lot of ransomware. Have you had it yourself? I bet you, if you haven't, someone who has had ransomware because frankly it is pervasive in every aspect of pretty much everybody's life out there.
[00:42:12] So when you get hit with ransomware, Lately something a little different has happened. It's really gone through three phases. The first phase was the ransomware would get on to your system. Usually it came as an attachment, probably embedded in like a word file it's been embedded in PDFs, embedded in all kinds of stuff.
[00:42:35] Even drive by downloads on websites, have brought malware. But in this case yeah, it was annoying. It was a problem. It would give you a red screen. You've probably seen it before warning about the ransomware and it told you, okay, here's what you can do to get your files back. And in order to get your files back, you usually.
[00:42:57] To go to some exchange online, take dollars, buy of course, Bitcoin, or some other cryptocurrency. And then that cryptocurrency would be used in exchange now for you to get a key that would hopefully decrypt everything. And in reality, it often didn't encrypt hardly anything. So it's been a problem and a problem for a lot of people.
[00:43:23] The FBI said that at the time. So this is gen one of ransomware. You were lucky if 50% of the time you got all your data back. Gen two of ransomware is when the bad guys started getting a little bit smarter. They didn't just take your files. Thumb and then say, Hey, pay up buddy. What they did at this point is they got onto your systems and they poked around.
[00:43:46] They went, what we call in the industry, east-west on the network. So they got onto you, maybe your kid's computer, maybe you were hooked up via VPN to the office to do work. And it wasn't a great VPN. And the kid's computer had that virus and that virus weaseled his way all the way over the VPN, directly to the office, because remember,
[00:44:09] VPNs are a network, private in that, yeah, okay, it's encrypted. And so someone who's got a wire tap isn't necessarily going to get anything, but it's a VPN, it's a tunnel. And that tunnel was used many times for malware, like ransomware, to creep over to the office network. That's an east-west, is going from
[00:44:30] One machine to another machine. And in businesses, man, you saw that one a lot as that ransomware moved around. So that was the second one. So the ransomware got on the machine. It would then look for files that you might not want to have exposed. So it looked for files with bank account numbers in them, social security numbers, maybe intellectual property.
[00:44:57] We saw a lot of that. Theft is continuing to go on primarily from the Chinese and then an intellectual property theft. And what happened next? Well, of course it ended up moving the data, the files, and then what they would do is encrypt your disk. So before they encrypted your disk, they got copies of all of the stuff they thought might be important to you.
[00:45:20] So now the threat was in version two of ransomware pay up, or if you don't pay up, you are going to have to pay us to not release your files. If you didn't want all of that client information online, if by law, you would get nailed for having that client information out online. And that's true in most states now, and the federal government's from putting some teeth on some of their laws as well, then what are you going to do?
[00:45:49] Yeah, you paid the. So that was version two version three that we're seeing right now of ransomware is simply destructive. And if you go way back in history, you may remember I got hit with the Morris worm, which was one of the first pieces of nastiness out on the internet. And that was early nineties.
[00:46:13] My business that I owned and was running, got hit with this thing. Even before that, There was ran. There was a nasty where viruses, if you will, that would get on the computer and destroy everything. It was just a malicious, as I remember, somebody at UC Berkeley, some researcher in it. And he didn't like what that of the researchers were saying about him.
[00:46:35] So he put some floppy disk together and on them, he put. Erasing malware and shared all of the stats with anybody. And of course, you plugged that disc into your, that little floppy disc into your windows computer. And it says, okay, I'm going to go ahead and open it up. And, oh, look at this, a virus.
[00:46:56] And so he then wiped out the computer of everybody else. That was a competitor of his out there in the industry. Yeah, a little bit of a problem if he asked me, so how did that end up getting around? What ended up happening while everybody got really upset with him, nobody really found out what was happening, who did it, et cetera.
[00:47:19] That's what's happened. Now, so version three of malware is like some of the very first malware we ever saw version three of ransomware. So some, again, some of that very first ransomware was pretty nasty is not the sort of stuff you want to see running destroying files, but at least you could get back from a.
[00:47:40] Nowadays, a lot of people are doing backups by attaching a disc directly to their machine, or they're backing up to another machine on the same network. Remember that whole east west thing, you didn't want the data going back and forth, it causes problems. Yeah. So what happens now? The Russians apparently are just trying to cause havoc with businesses, anybody who has decided that they're going to be anti-Russian in any way there they're attacking.
[00:48:13] So they'll erase your disks. They'll erase all of your data. If you have backups on that thumb drive or that USB external. The good news erase that if you have backups on another machine, on the network, hopefully from their standpoint, they'll be able to get onto that machine and erase all of your backups, which is again, why we'd like 3, 2, 1 backups.
[00:48:34] At the very least, there's some others that are even better. And if you're interested, send me an email [email protected] I'll send you a webinar that I did on this. I'm not charging you for. But it was a free webinar to begin with what a webinar on backup and how to backup properly and why to do it this way.
[00:48:54] Again, me, M-E, at CraigPeterson.com. Be glad to do that. What we're seeing now is a huge problem. Let me see if this is going to work for us. Yeah. Okay. It is. I am, by the way, live here we go on my computer. So people who are watching can see my desktop. So here we go. This is Russian companies who are linked to this Russian malware.
[00:49:24] Ransomware are hiding in plain sight is what they're calling it. So what does it mean. To hide in plain sight. While in this case, what it means is money that's been paid by American businesses to these Russian ransomware gangs, some of who by the way, are actively going after anyone that criticizes Russia found these American researchers.
[00:49:50] Yeah. Led to one of Moscow's most prestigious addresses. You can see it up here on my screen. This is a New York Times article. It's just a random act of journalism, people. Sometimes even the New York Times gets it. And they're saying millions of dollars have gone through this. So they've been tracing.
[00:50:10] Where did they go? The Biden administration has also apparently zeroed in on the building. It's called Federation Tower East. It's the tallest skyscraper in the Russian capital. How would that be to have a business and just this beautiful tall skyscraper and have a view that would be really cool. So they have targeted some companies in the tower.
[00:50:32] As what it's trying to do is stop the ransomware guy gang. Made in cryptocurrencies. Russian law enforcement usually has an answer to why don't you just shut down these bad guys that are out there trying to steal all of our money. They say there is no case open in Russian jurisdiction. There are no victims.
[00:50:51] How do you expect us to prosecute these honorable people? That apparently is a quote from this Massachusetts-based cybersecurity firm called Recorded Future, but I'm looking at a picture it's up on my screen right now. You guys can see it, but this is the Moscow financial district called Moscow City.
[00:51:10] 97 floor Federation Tower East. This is really pretty, you wouldn't know this isn't like London or any other major European capital. There's some cranes in the background building up new buildings. The cyber crime is really fueling some growth there in Moscow, which is, if you ask me the exact reason why Vlad is happy as a clam to just go ahead and have these Russian cyber crime guys
[00:51:43] just go and bring money in, right? Money is bringing in great money for them. The Treasury Department, by the way, it's estimated the Americans have paid $1.6 billion in ransom since 2011. Huge. One ransomware strain called Ryuk committed an estimated $162 million last year. It is really something.
[00:52:07] So when we come back, we've got a lot more to talk about. We're going to talk about the cloud. If it's more secure or why is it calm, broken, give masks work. Why aren't they working right. Anyways, we'll talk about that. When we get back and visit me online, CraigPeterson.com.
[00:52:26] Stick around.
[00:52:29] I hate to say it, but there's another big scam out there right now. And it is hitting many of us, particularly the elderly quite hard. We're going to talk about that right now, what you can do about it and how you can recognize when it's happening.
[00:52:45] Interesting article that came out this week in wired.
[00:52:49] It's actually in Wired's. Let's see, what is a March 2022 issue. It wasn't this week. Nevermind. And it's talking about a serious problem. I'm going to show you guys who are watching I have this on rumble, YouTube, Facebook as well. So you guys can see along and of course, right here, too.
[00:53:11] Now let's not forget about that, but this is an article that says we were calling or excuse me, they were calling for help. Then they stole thousands of dollars. I'm going to read parts of this article. It's just amazing. It's by Becca Andrews, a Backchannel. What is that? Okay, so that's just a cat.
[00:53:33] On December... one December morning, my mother's phone rang. She tugged the iPhone from the holster she kept clipped to the waist of her blue jeans and wondered who might be calling, perhaps somebody from the church who was checking in on her recovery from coronavirus. Hello, she said. The voice that greeted her was masculine.
[00:53:53] This is just great writing. The caller sounded concerned and he told her something was. With her Amazon account, somebody has access to your bank accounts through Amazon and they can take all your money. I'm calling to it. Her mind raced. Oh Lord, she prayed silently. The voice was warm and reassuring them.
[00:54:15] My mom tried to focus closely on his words. My dad was driving to work in his truck and she was home alone. She'd been cooped up in the house for weeks with COVID isolated from her community and she missed the bomb. Friendly voice. I D I just love her language here. It's just phenomenal. She tried to steady herself.
[00:54:36] The man said he needed to make sure the money was safe. He transferred her to a different male voice. Soothing reassuring, calm. She promised not to hang up a brain injury decades earlier, made it hard for her to follow his instructions, but she stuck with it. The voice explained slowly, carefully, how to swipe and tap her phone until she had installed an app that allowed him to see what was happening on her screen.
[00:55:07] Now. You followed her every move. After some hour, she mentioned she had to relieve herself hours. It's okay. I'll stay on the line. He said she parked the phone, outside the bathroom and picked it back up. When she was done as Nooner approached, she told him I have to eat. I'll wait. It's okay. Don't hang up.
[00:55:28] We'll lose all our progress. She set the phone down on the counter to make a sandwich, then pulled some chips from the cabinet and padded over to the kitchen. The phone buzz with the text. It was my father checking in. She typed back that there was a problem, but she was fixing it. She had it all taken care of.
[00:55:48] She tapped the tiny white arrow next to the message field to send her reply. And then she heard the voice, its volume elevated as sounded angry. She frowned and brought the phone back up to her ear. Why would you do that? You can't tell anyone what if he's in. She felt confused that didn't make any sense, but she also didn't fully trust herself.
[00:56:10] She was worn from her slow recovery, and the steroids she was taking as a treatment gave her a hollow buzz of energy. Now I want you guys to go have a look at this over on Wired's site. Read the whole article. It is phenomenal. Absolutely phenomenal. But what it's doing is telling the story of this woman who was trying to, do the right thing, trusting other people, which many of us do?
[00:56:40] I have a default trust with a little trepidation. I will admit that, but with the whole lockdown thing that happened, many of us have just been longing for a little bit of companionship and to hear a stranger who's trying to help out. That's a huge plus. It goes on in this article and talks about how reassuring these guys were and what they did.
[00:57:06] She installed this cash app and opened up PayPal downloaded. Coinbase set up Zelle so she could send money directly from her bank account. She doesn't know about any of these things. It's just incredible. So the afternoon wore on and the guy said Hey, we're almost done. And her husband of course, was on his way back.
[00:57:30] And the sun was down. Father got home. He noticed right away that something was off. And she said she took care of it. And he said, you took care of what? I'm not supposed to tell you. It said, so the scammer had siphoned away all of her personal information. The scammers had her social security number, date of birth, driver's license number, and about $11,000.
[00:57:55] These new financial apps like Zelle and others that are legitimate PayPal apps, right? Zelle, you can use to send money legitimately to someone else. But it links into your bank account. That's why I don't like them. I have a friend that's been pushing me. Oh, this happens. Great. It saves you so much money on gas.
[00:58:15] Look at how much money I've saved any. He sent a screenshot of it and I re I went online and had a look. And guess what? I read, reviews it again, like this tied into her bank account directly. And. What can happen? Like here, everything was emptied. So in the next few months this author of the story and her father tried to undo the damage.
[00:58:40] Very frustrating, getting scammed of course, is really dehumanizing and it just breaks your trust in other people. How could someone do something like that? It's just incredible. Got to go through the stages of grief and everything. She got a, she talked to people, she said she got chilly half replies, or just as often silence.
[00:59:05] And she was calling around trying to find someone for some empathy. Okay. It's just incredible. Great article. If you can still find it, the March issue of wired, I'm sure it's available online. This goes on. And talks about her mother's seizures getting worse. And of course now they don't have the cash that they had been saving.
[00:59:27] And it's just very depressing. Now I have this, you might remember about a year ago, I talked about it. I had something like this happen to a friend of mine and I'm still not quite sure what happened, but it looks like it was a password spraying or password stuffing. And they got into his, the app that his company uses to pay people and sure enough, they got in and they directed his next two paychecks to their own account, which went right out of the country like that.
[01:00:05] These are bad people. And how do you deal with this? It's incredible because if you've got someone like her mother who has mental problems due to no fault of her own and is a very trusting woman, what do you do? She's walking around all day with her phone on her hip. That's how we started this out.
[01:00:27] Do you take that phone away from him? Th that would be dangerous, frankly. So this is a very problem. They had a USAA account was her bank account. USAA is usually good about this sort of stuff. In fact, my other friend had USAA as well. But they did help deactivate Zelle, but they didn't do anything about the $999 that were transferred through it.
[01:00:51] Very bad. So they figured out maybe we should change our passwords. She had them change them. And if you would like information about password managers, again, I'm not selling anything. I'd be glad to send them to you. If you sign up for my email list, you're going to get them automatically. CraigPeterson.com.
[01:01:11] I've got a bunch of data information I want in your hands. It talks about the free stuff, talks about the paid stuff. None of which I'm selling you. CraigPeterson.com. Sign up right there on the top of the page. Thanks. Stick around.
[01:01:32] We've had some serious supply chain attacks over the last couple of years. And they have caused all kinds of problems for tens of thousands of businesses. If you use WordPress, there was one of those this week.
[01:01:47] We have had supply chain problems. Like you wouldn't believe. So let's start out by explaining what is a supply chain problem?
[01:01:58] In this case, we're narrowing it down to cybersecurity because we've had supply chain problems from everything from our toilet paper to the food we eat. But what I'm talking about right now is. Supply chains when it comes to cyber security. And one of the biggest problems we had was a company that's supposedly providing cyber security for businesses, right?
[01:02:29] Some of the biggest businesses in the world. And I'm looking at an article right now from Security Boulevard, saying how to protect the supply chain from vulnerable third party code. It can be a script that's downloaded online. It can be an open source library. We've seen big problems with GitHub lately and pulling in libraries.
[01:02:51] We've seen big problems with what are called containers lately, which are little mini versions of computers with all of the software. They're all ready to go. Ready and raring to go. All kinds of supply chain issues for a very long time now. And these supply chain cyber attacks have been hitting some of our cybersecurity companies, really the hardest. I'm pulling this up on my screen right now, if you're watching this on Rumble or on YouTube, and you can see links to those, by the way, in my emails, I send out every week.
[01:03:28] CraigPeterson.com. CraigPeterson.com. But you can see here, supply chain hits cybersecurity hard. Supply chain security is not a problem. It's a predicament. That's an interesting look because we have to use some of the supply chain stuff. CISA, the FBI are issuing cybersecurity advisories because of the Russian attack over on Ukraine.
[01:03:55] And then the U.S., the weakest link in supply chain security. Fears of rising fuel. CISA, FBI, NSA and international partners issue advisories. Toyota stops production after possible cyber attack at a supplier. Isn't that something? This goes on and on. What's a guy to do, right? Many of us are using websites to, in order to run our businesses.
[01:04:24] Heck we got websites for our soccer team, for the kids, we got websites for pretty much everything that's out there today and those websites need software in order to run. So the basic idea of the website is nowadays. Content management system, they called CMS CMSs and there have been a lot over the years.
[01:04:46] I've used quite a few myself off and on. This is very interesting though, because this particular piece of. Is code that runs a website. I'm going to show you this article from ARS Technica here on the screen, but it's talking about millions of WordPress sites that got a forced update to patch critical plugin flaws.
[01:05:13] So when we're talking about supply chain, in this case, we're talking about something. WordPress right. And this WordPress software as good as it is, can have bugs. So WordPress is the content management system. So you load stuff up into, in fact, I'll bring up my site right now. So I'm going to bring up the Craig peterson.com.
[01:05:37] And on my site, I have all kinds of stuff, which is why it's so slow to load. I've got to fix that one of these days, but this is an example of a WordPress site. So you can see right at the top of the site, I've got watch this week, show jobs, or top, of course, that was last week. You can watch it on Rumble or on YouTube, and then it's got my latest show.
[01:05:59] So if you click on one of these, here you go. And you can listen to it. Starts right out here. See, ta-da. So there, you can listen to my podcast right there on the site, and I've got an automated transcript of it. It's for you, depending on what you want. It's got links over here to take you to iTunes or YouTube or Spotify or SoundCloud or iHeart or Google Play or Audible.
[01:06:26] All of these links take you to different places. And this site in survey, Program a site in HTML. What we're doing is we're working. Putting some data in, so we say, okay, I want a default page. Somebody else has already set it up. Somebody else has already got an old program. It just works. And it's all right there for me.
[01:06:49] Here's some related posts on the side. Here's the most popular ones that we have right now. This is a content management system. And specifically this of course is WordPress. So what happened? If I had a, yeah. And here's what it looks like over on Audible, you can listen for free on. This is what happened this last week: WordPress, which has this great software that I use and tens of thousands of others use out there, very popular.
[01:07:27] And in order to make it easy for me to have my website, probably your business, probably your kids' soccer club, you name it, is using WordPress. It's just over-the-top popular. It is using code that was written by other people. The reason we can make programs so quickly nowadays is we're relying on other programs.
[01:07:51] So we'll go ahead and we'll grab this program that does this part of what we need to have done, and ta-da, we're up and we're running. I just have to write the glue, right? To put it together. The API calls, whatever it might be, because the idea is let's make it easier for programmers. So you've got something called GitHub here.
[01:08:11] Let me pull it up so you can see that. You can go online, if you're following along, to github.com. And as it says right there on their front page, "Where the world builds software." It's a beautiful world, isn't it? That blue, you can see the air around it. And that's what it's doing, is where the world builds software.
[01:08:33] So let's say we want something. What do we want? What's a, let's say we want something to make a chess program. We can talk about chess and let's say, oh, you have to. I Dan didn't want to do this, so I'm just going to skip that for now. But it would come up and tell me, okay here's all of the chess programs that are out there and I find one, that's close to what I want to do.
[01:08:54] So what do I do at that point? Well, I go ahead and have a look at the license. A lot of the programs up there have a very open license, so I can just take that code, modify it. And I have a chess program without having to write a chess. It's really that simple. That's part of the supply chain. If you bought my chess program, you would actually not just be getting the code that I wrote, which is typically just glue code with maybe some APIs, or application programming interfaces.
[01:09:25] In other words, you're using someone else's code. Would now make it whose program? It's like the Pharaoh's barge. It would make it other people's programs. Not mine. So you got to figure out what's in my supply chain. I've got a new client. I do work as a virtual chief information security officer.
[01:09:46] Actually, it's a fractional CISO. And as a fractional CISO, one of the things I have to do is look at the whole supply chain. Who are they buying even physical things from? And could there be. Did it into their software, into their systems, something that might be coming from yet another supplier. Man, does this get complicated?
[01:10:09] Very fast, but this week, our friends at WordPress, they went ahead and forced all WordPress sites to update. Very good. Okay. Otherwise, people could have downloaded a full backup of the sites that are out there, something you really just don't want to happen. Anyways. Go right now, craigpeterson.com, while the bits are still hot, and sign up right there.
[01:10:36] craigpeterson.com for the newsletter and get those special reports that are going to get you started.
[01:10:43] This is the moment you've been waiting for. We're going to talk about free cybersecurity services and tools that you can use. Now you have to be a little bit of a cybersecurity expert to use them, but not much. This is from the government.
[01:10:59] This is I think an amazing thing. This only came out within the last few weeks.
[01:11:07] I have it up on my screen. There we go right now, for those of you who are watching on Rumble or YouTube, you can see it right there, free cybersecurity services and tools from the Cybersecurity and Infrastructure Security Agency, CISA. Reminds me of Marvel's S.H.I.E.L.D., that really long name that came up with an acronym for, as though they weren't aiming for that acronym in the first place, but there are some tools that you can use. There's tools that I use as a cybersecurity professional.
[01:11:42] And some of them are obviously going to be pretty darn complex. And if you're looking at my screen right now, or if you want to go online at cisa.gov/free-cybersecurity-services-and-tools, or just look it up online, you'll find this on my website as well. I'm going to try and make sure I get that up.
[01:12:07] But what they have done is they're showing you what they call their KEV, or the Known Exploited Vulnerabilities. Okay. And this is where they are showing the CVEs, which are. The frankly, these are the ones that I use. It is published by NIST, which is the National Institute of Standards and Technology.
[01:12:31] And this gives all of the details. So this is CVE 20 21, 27. Okay, and this is detail, and of course I would be using detail. And it's telling you, here's the advisories, there's one from GitHub Excel. Leon has one. Here's the weaknesses, the SA the known software configurations. So you can find where they all are at and everything.
[01:12:56] So all of the details. So they're telling you about that. These are the ones, this was in the vendor product. Project, I should say. So we'll look at the date added to catalog. Here are a few in Cisco right now. So this is their small business series of routers, which we do not use for anyone because they don't provide the type of security you want, but Cisco is taking care of the problems, right?
[01:13:23] Many of these update themselves. Here's Microsoft Windows. And installer contains an unexpected unspecified vulnerability, which allows for privilege escalation. A lot of stuff this week, this is crazy. Apache Tomcat, which I have never been a fan of, and problems. So all of these came out. On March 3rd and more rights.
[01:13:47] This is just page one. So let's look at page two here. Oh wow. More Microsoft Excel, Exchange Server, some more Cisco vulnerabilities. Why Cisco? Why Microsoft? Because they are, frankly, the big boys on the block. Why do you rob the bank? Because that's where the money is. So they list all of those right here, as he said, does the warning you do use multifactor authentication?
[01:14:16] I don't want to sound like a broken record, so I'm not going to say use multifactor authentication today. Okay. I just refuse to say use multi-factor authentication. And this one talks about what it is, right? Many names. Now they're trying to make this. But really a FIDO key, Fast IDentity Online, considered the gold standard of multi-factor authentication. Walt for online.
[01:14:40] It is websites, but not for authors. So how would you know that if you weren't an expert? So yeah, this is the government talking, right? So they have the service. So what does, what do I do right? Me, Mr. Idiot. I click on this and they are talking about the service that they've got them showing it up on the screen.
[01:15:02] It's called CISA Insight. And they're talking about website defacement, destructive malware, or NotPetya, WannaCry, right? All these things. What can you do to prevent it? And. They make it sound easy. Now I want to say something here because I, I have a couple of mastermind groups and in one of my groups, I rescued a group member from a 40 something thousand dollar loss.
[01:15:31] And so I was explaining it in our next mastermind meeting. Cause everyone wanted to know. What should I do? How should I do it? And they all tuned out and I thought I was trying to, I was being simple enough. I was trying to be simple, not like simple Kamala Harris explaining that Ukraine is a country beside right next to another country called Russia.
[01:15:55] And that's why there's an invasion. Okay. I couldn't believe that. Did you guys hear that? It was just incredible, but I didn't get that simple. And I know you guys are the best and brightest, and you're trying to figure this, all this stuff all out, and that's why you need to make sure you sign up for my email list right now, because I do have simple step-by-step stuff.
[01:16:17] And these tools that they're talking about and services are supposedly available. Now, I went to a bunch of these. And I tried to get some services. So they said they'll do a free scan over the network. So I filled it all out and according to their standards, my company, because I do cybersecurity for everything from government contractors, through dentists and manufacturers and distribution companies.
[01:16:50] So I, I. The critical infrastructure definition. And I have never heard back from them. I check my spam box at least once a week looking for their reply. So I don't hold up a whole lot of hope, but there is some good information here that you can get email via social media via just all of these different types of things that.
[01:17:15] You could use for it. And again, I want you to look for it online. It's on cisa.gov. If you go to their homepage, you'll see their tools. They've got a Shields Up warning right now on their homepage because there have been so many attacks coming from China and coming from Russia, but particularly Russia.
[01:17:34] And you can see there, stopransomware.gov, which has some great tips, particularly for home users and small businesses. The CISA cyber hygiene services that they have, doing business with CISA, and careers they're looking forward to is okay. It's part of Homeland Security. So there's a whole lot that you can do and you can find, but I wanted to let you guys know that this is out there.
[01:18:04] A lot of the stuff, guaranteed, is going to be above 98% of people's heads out there. Just in general, even IT professionals. So look for information that's going to help you. That's on your level. And to that end we have right now three things. If you sign up for the email list, or if you're already on my email list, you can just email.
[01:18:30] [email protected] or just hit reply to any of my emails and I'll see it and ask for them. But we've got stuff on your computer, keeping it secure, keeping your password secure, comparison between using a 1Password manager or using LastPass, which I am not advising to use right now, but that's in there.
[01:18:54] There are a lot of different things that are there that are ready for you to get right away. And then if you have other questions, I've got dozens of little special reports that I've written in response to people's questions. Don't be afraid to send them to me. I'd you know [email protected] and I'll make sure I get you an answer because it's that important.
[01:19:20] Okay. I'm not here trying to sell you something. I am here because most of you guys could never get my services. You don't need them. You can't afford them, whatever. I'm a fractional CISO. I'm one of the guys that keep. It was a cyber security working in a live for businesses. Like it's not going to be everybody, but it's, it is there is, I should say a lot of information you guys need and need to understand, and I want to help you. Okay. I think I've beaten that horse enough and it was probably past dead, but you'll find some of this stuff on my [email protected]
[01:19:58] I've been working on some other changes to it. I would also ask you guys, if you're hearing part of the show today, I know a lot of people who are listening on the radio tend to be out and about in their cars, listening on the weekend. I listened to a lot of radio then, but go ahead and subscribe to either my podcast.
[01:20:19] And there are a lot of ways to do that. And I showed those people who are watching on video, how to do that. And if you would give me a five star. On whatever platform you're using, hopefully I've earned that. And then also if you'd like video, I have my whole show up. It's like about an hour and a half long on multiple platforms.
[01:20:44] So rumble.com. Rumble, R-U-M-B-L-E, is a competitor to YouTube. So if you don't like censorship, if you want a site that is trying to keep that information out there, get it out there for you, Rumble is your place. You'll find all kinds of interesting characters there other than myself, right? A lot of conservative people go there to rumble.com.
[01:21:09] I have it up on YouTube. Because YouTube, isn't the worst platform in the world. They're also not the best, but they are the biggest. Did you know, YouTube is the second largest search engine in the world. Okay. They have a lot of people on YouTube and then on Facebook as well. You'll find me there on Facebook.
[01:21:28] Of course, Craig Peterson, I had. I excuse me at facebook.com/craig Peterson. And I didn't use it for a long time cause I hated Facebook. Just, I looked at it as a time sink that I just didn't need. I got a lot of stuff. I got a lot of people help and so I didn't really do anything with it. And so somebody else got the slash Craig Peterson, but I do have a trick for you.
[01:21:52] If you go online with your web browser to craigpeterson.com, that's my website, slash YouTube, it'll take you right to my YouTube page. Or craigpeterson.com/facebook. Yes. What do your Facebook page? craigpeterson.com/itunes. Good slash SoundCloud, et cetera. It'll take you right to my page on all of those sites and have a look at the video.
[01:22:21] Let me know what you think. I would appreciate that feedback and make sure you tune in on the radio too. It's great. Don't watch this while you're driving to taking the kids to school, a lot of people listen to this while they're taking the kids to school on podcast. Anyways, take care. Thanks for being with us.