loader from loading.io

Welcome! CHARGES: Obstruction of Justice for Uber Security Chief plus more on Tech Talk with Craig Peterson on WGAN

Craig Peterson - America's Leading Security Coach

Release Date: 09/25/2020

AS HEARD ON: WGAN Mornings News with Matt Gagnon: Elections, Hacking, USB Safety show art AS HEARD ON: WGAN Mornings News with Matt Gagnon: Elections, Hacking, USB Safety

Craig Peterson - America's Leading Security Coach

Good morning everybody! I was on WGAN this morning with Matt Gagnon and started off this morning talking about Iran and the letters sent to some of US Voters. They were purported to be from the Proud Boys but were from Iran.  We also discussed a bit about Election Hacking and then got into, How safe are our USBs? Here we go with Matt. These and more tech tips, news, and updates just visit - CraigPeterson.com --- Automated Machine Generated Transcript: Craig Peterson: [00:00:00] Typically what's been happening is that the polling places go to the Secretary of State's website, enter in the...

info_outline
AS HEARD ON - The Jim Polito Show - WTAG 580 AM: Search Terms, Letters to Voters, Iran,  show art AS HEARD ON - The Jim Polito Show - WTAG 580 AM: Search Terms, Letters to Voters, Iran,

Craig Peterson - America's Leading Security Coach

Welcome! Good morning, everybody. I was on WTAG this morning with Jim Polito.  We got into a lengthy discussion about some letters purported to be to democrats from the proud boys. Then we talked about Hunter Biden and recycling phones. Here we go with Jim. For more tech tips, news, and updates visit - ---  Automated Machine Generated Transcript: Craig Peterson: [00:00:00] In the US, it says you will vote for Trump on election day, or we will come after you. No, this is really scary. It's reached voters and multiple States. Now, obviously, as I said, the Feds are involved. Hello...

info_outline
AS HEARD ON NH Today WGIR-AM 610: Iranian Email and Other threatening Letters, Ransomware in Louisiana  and The National Guard, Election Result Vulnerability  show art AS HEARD ON NH Today WGIR-AM 610: Iranian Email and Other threatening Letters, Ransomware in Louisiana and The National Guard, Election Result Vulnerability

Craig Peterson - America's Leading Security Coach

Welcome, Good Monday morning, everybody. Craig Peterson here. I was on with Scott Spradling on NH Today. We discussed the threatening Email and letters being received by voters and where they came from. We talked about Google search terms. Then we discussed why The National Guard has been called up in Lousiana to deal with Ransomware. We wrapped up today's discussion with election security in the light of revelations by the FBI and DHS about Nation-State Actors accessing our election systems through known vulnerabilities in the Secretary of State Websites. Here we go with Scott.  These...

info_outline
 Hunter Biden and Computer Repair Shops plus more on this Tech Talk with Craig Peterson Podcast show art Hunter Biden and Computer Repair Shops plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig gets into some detail about why Hunter Biden's laptop that he took to a shop and never picked up is now in the hands of the FBI/DOJ and the things he did wrong when he took it in for service -- and no -- it has nothing to do with Russia. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Yeah, I'm sure you heard about Hunter Biden, and what happened with his computer when he took it in for repairs? How about your computer? We'll be getting into that right away, right off the top. And then...

info_outline
 Data Privacy and Computer Repair plus more on this Tech Talk with Craig Peterson Podcast show art Data Privacy and Computer Repair plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig continues his explanation about computer repairs and what you can and must do to protect your data and privacy. Back up your data! Also, the proper way to destroy old disks. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Do you know, what's on your computer? Do you know what they do with it? At some of these repair shops that you take your computer when it gets slow and something breaks? When you're just trying to figure it out? What the heck is happening here, man? We've got an...

info_outline
Continuation of The Considerations Surrounding Privacy and Computer repair plus more on this Tech Talk with Craig Peterson Podcast show art Continuation of The Considerations Surrounding Privacy and Computer repair plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig continues his explanation of what you need to do if you have to take your computer to a shop to be repaired. This segment covers encryption. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] We're going to talk right now a little bit more about removing that personal data before you send it in for repair and a couple of other things that you need to know about your rights when it comes to repairs. Hey, you're listening to Craig Peterson. Thanks for joining us today. Next up is probably...

info_outline
DHS and FBI Warning about Election Hacking plus more on this Tech Talk with Craig Peterson Podcast show art DHS and FBI Warning about Election Hacking plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig explains why DHS and the FBI are warning us about Election Hacking and why it individual State Website Security is the culprit. For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] We've talked about the potential here of hackers getting into our election systems and what are they going to be able to do?  No, I've never been really big on this, but now FBI and DHS, well they're both disagreeing with me. Hey everybody. Welcome back. You're listening to Craig Peterson. I've talked about...

info_outline
IRS and Data Aggregators plus more on this Tech Talk with Craig Peterson Podcast show art IRS and Data Aggregators plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig discusses how the IRS gets around collecting data on US Citizens.  They buy the information from these private Data Aggregators like our friends at Equifax - who by the way collect tons of information on you without your permission (you have no say in what information they collect) and then sell it! For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson (2): [00:00:00] Coming up in this hour, we're going to talk about the IRS. Yes. Investigated for using location data without a warrant. We're going to...

info_outline
Data Aggregators and Biometric Databases plus more on this Tech Talk with Craig Peterson Podcast show art Data Aggregators and Biometric Databases plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

In this very busy segment, Craig addresses a number of tech issues that are in the news right now. First off BEC scams.  Business Email Compromises are also commonly known as Spear Phishing scams and target executives.  In the past, many came from outside the US but this has changed.  Next, he discusses what happened with Excel and the loss of some Covid data.  Then he explains why the IRS is looking at Cryptocurrency on people's tax returns. So let's get into it! For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated...

info_outline
Dangers of Biometric Databases and CLEAR's new focus plus more on this Tech Talk with Craig Peterson Podcast show art Dangers of Biometric Databases and CLEAR's new focus plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Craig discusses CLEAR and why what they are doing now is NOT a good idea. These biometric databases can be hacked just like any other database.  The Danger is - there is no way to guarantee 100% security of your data and if it gets hacked -- You can't change your biometrics! For more tech tips, news, and updates, visit - CraigPeterson.com --- --- Automated Machine-Generated Transcript: Craig Peterson (2): [00:00:00] Hey, who has your biometric information? Is it really a problem? You've got your phone, you unlock with your face or your, maybe your fingerprint, your thumbprint....

info_outline
 
More Episodes

Welcome!

Craig discusses a hack at Uber that ended up with its Chief of Security facing Obstruction of Justice charges. 

For more tech tips, news, and updates visit - CraigPeterson.com

---

Read More:

Patch Tuesday (September 2020): Microsoft Addresses 129 Vulnerabilities

Ransomware accounted for 41% of all cyber insurance claims in H1 2020

A bevy of new features make iOS 14 the most secure mobile OS ever

Don't Fall for It! Defending Against Deepfakes

Patient dies after a ransomware attack reroutes her to a remote hospital

Lock your doors, people: Verizon breach on unsecured AWS server exposes 14M customer records

Time for CEOs to Stop Enabling China's Blatant IP Theft

Newly Patched Amazon Alexa Flaws -- A Red Flag for Home Workers

 
 
 
 
 
 

---

Automated Machine-Generated Transcript:

Craig Peterson: [00:00:00] Hey, I've got a story right now that should be a word of warning to businesses that have personal information. If you are working for a company and they've got your personal information, you're going to want to hear this too.

Hi everybody Craig Peterson here on WGAN. Thanks for joining me today. I'm on every Saturday from one until 3:00 PM. And if you miss any part of the show, make sure you go online. Craig peterson.com. You can also find me on tune in and any other streaming podcast app that you might care to look for me. I'm pretty much everywhere.

We are going to talk right now about Uber. There are many people who are really not knowledgeable about security that are in security jobs and positions. I would say that the majority of people that are in jobs responsible for security are not fully qualified. They know more than everybody else in the organization, but that doesn't mean they're qualified. So that's one class.

Of course, you have the people who really do know what they're doing. They are few and far between. Then you have Uber's former chief security officer. He just got nailed over a coverup of a hack that had occurred at Uber. This is really fascinating because he played some games.

He played very fast and loose with the truth and a criminal complaint ended up getting filed against him. In federal court this week, the guy's name is Joseph Sullivan. If you look at a picture of him, he's got the kind of beard that almost makes him look like he's one of these gangsters.

 I have a thing about facial hair and maybe it's just my generation, my age. I'm not sure what, but he looks creepy to me, that a beard thing that he has Joseph Sullivan, but he was charged with obstruction of justice and misprision of a felony connected with the attempted coverup of a 2016 hack of Uber.

Now isn't that interesting here? And this is a, I'm getting this from justice.gov and it's United States attorney David Anderson, and the FBI were involved in this, Craig de Faire. And this is really an interesting story when you get right down into it. And we'll cover a little bit of that right now.

But according to this complaint that was filed between April of 2015 and November of 2017. This guy, Joseph Sullivan, he's 52 years old lives in Palo Alto, California. Where else he was Uber's chief security officer. Now, he was contacted by two hackers via email that said that they had been able to hack Uber's system and they were able to download a database that had personally identifiable information-on 57 million Uber users and drivers. Now, remember Uber is the company that had this God-mode is what they called it. Uber is a company that had employees, including apparently their CEO. Watching people getting driven and where they started, where they ended up. Now, we'll go, okay. you got to do a little quality control. Hey, I get that.

It turns out they were monitoring celebrities, finding out where the celebrities lived, watching them go, where they were going, that the type of stuff you need. Yeah, in order to twist arms, right? Hold their data a little bit in ransom, little pirate operation going on there. So they got in trouble for that one too.

They have been hacked before. So apparently this Joseph Sullivan guy, when he got the email look to see, did this actually happen? And they found, yeah, indeed. At least this is what the criminal complaint is alleging. They did indeed get them the driver's license numbers for approximately 600,000 people who drove for Uber.

Think about that for a minute. And what are licenses good for? Oh yeah. This year voting, right? Yeah. Yeah, because there's no ID is necessary. It's just mailed in. 57 million users and drivers over half a million driver's license numbers. What he apparently did was he went and used Uber's bug bounty program.

Most companies have that nowadays. It's Hey, you found a bug in our software in our system. We will pay you because we appreciate that. We'd rather you did it and we pay you a bounty than for bad guys to find it. All right. apparently, he was being extorted here because these hackers demanded a six-figure payment in exchange for their silence.

Now that's become very popular nowadays, by the way, this was a few years back. Now, nowadays ransomware works in two ways. One, they say, Hey, if you want your data back, if you want to decrypt it, you got to pay up. The other way it works is that this ransomware downloads your files, first. So the bad guys have it, so they will ransom it one way or the other.

It'll say, Hey, you pay up or I'm going to release all of this data. Or in this case, I'm going to give Uber or black eye. Cause I'm going to tell the media about it and release it. Or Hey, if you want your data decrypted, you gotta pay me. They can get, they're getting clever. These criminals. That's very common nowadays.

So it alleges this criminal complaint. That Sullivan took deliberate steps to conceal deflect and mislead the federal trade commission about the breach. Why? it turns out that a month or so later, their FTC filing was due and part of that needed to be about the security that they were taking because prior settlements with the government and the court required them to report on their security operation.

Yeah. Yeah. interesting Justine and the charges and the statement I've got there. In fact, when I'm reading it from here is the justice.gov, but it actually has the information about the indictment. So this is very one-sided.

There's nothing here from Sullivan's attorneys. It's just what the government is saying. So the complaint also describes how Sullivan. Played a pivotal role in responding to the FCC inquiry about Uber cybersecurity.  It's just absolutely amazing. Okay.

So what do we learn from this? I think we learn a few things.

First of all, if you are a business owner and you have any data at all, really nowadays, it's pretty much every business. Even if you don't have driver's licenses, do you know what you got, you might have bank account information, your own bank, account information, not even just customers or businesses that you trade with, where you're just transferring funds back and forth.

You might have all of that stuff on your computers. And we do scans for businesses and we look specifically for bank account numbers, social security, numbers, phone numbers, all kinds of stuff that is illegal to disclose. it's absolutely amazing. Apparently Uber paid the hackers a hundred thousand dollars in Bitcoin in December 2016, and hackers obviously never provided their true names.

Sullivan tried to get the hackers to sign nondisclosure agreements and these agreements that Uber's lawyers put together contained false representations saying that the hackers did not take or store any data, which apparently is not true. So this complaint goes on. It's absolutely amazing.

Again, if you're a business, all 50 States now have laws that require you to disclose when data is stolen. You have to disclose it and you cannot hide it. Particularly if you are a publicly-traded company or if you're a division of a publicly-traded company earlier in the show, I mentioned this whole pencil whipping forms thing where people have a form, it might be for the insurance company and might be for federal or state regulators and they just check the box.

Yup. yup. Yup. Yup. Even though they don't really know. And they don't know enough to know that they don't really know. Okay. So we have to be very careful about that. And so that's why we do these scans. In fact, we do them daily for our customers just to see if the data is out there. So make sure you're not storing any of that data.

I am a bit of a packrat myself, a digital packrat. I have stuff going way back when, but I make sure I don't have any PII. At least I try and make sure of that. You need to do that too. If you're a consumer, remember again, all 50 states have in place laws to help protect you. Now about the only thing that you might be able to do is get a couple of bucks from a settlement.

Look at this. I filed for my settlement offer from Equifax, which is how many years old now, where they lost all of your personal data was all stolen. Maybe four years, five years ago, by hackers it's known to have been stolen. They admitted it was stolen because they didn't keep things patched up and their security people were underfunded work too hard. Which happens every day in this country, unfortunately. And, who knows? the attorneys did, they got their tens of millions of dollars in attorney's fees that happens every year here in this country. I'm still waiting for my supposed check for $25.

They're now saying, it was probably gonna be a lot less than $25. Cause you know, attorney's fees, right? I added that last part, but this is absolutely ridiculous. It's ridiculous.

So if something does happen, if your data shows up on the dark web, you should take action. Cause that's the only way these businesses are going to get their act together.

Craig Peterson: [00:11:08] So I want to encourage you right now to go to a website it's called, have I been pwned dot com. Have I been pwned is like pawned, but with a P w n e d  dot com. Okay. Look there, put in your email address and they will search their databases of known hacks. The data existing on the dark web and have been pwned will tell you where your data was stolen.

Craig Peterson: [00:11:35] What was stolen. Might've been just your email address might include your name, your social security number, bank, account numbers. They pretty much have it, but all, and then you can contact these various companies where your data was stored your people, and maybe you should get involved with the criminal complaint.

Against some of these companies be part of a class-action lawsuit, make some bucks, we've got to stop this. We've got to get people smartened up.

All right, everybody makes sure right now you go online Craig peterson.com/subscribe so that you can get in this training. You can get your reboot guide. You can get all of this stuff.

Listen Wednesday mornings at seven 30 while I'm on with Matt Gagnon right here on WGAN.

Take care, everybody.

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553