Are You Ready For Data Wiping Attacks?
Release Date: 04/01/2022
Craig Peterson - America's Leading CyberSecurity Strategist
Been to a Hospital Website Lately? Facebook May Have Your Personal Information! Hey, Facebook isn't the only company doing this, but there's an article from the markup. They did a study and caught Facebook. This is absolutely crazy -- receiving sensitive medical information. We're gonna talk about that right now. [Automated transcript follows] This is really concerning for a lot of people. And, and for good reason, frankly, I've been talking about this. [00:00:22] I, I think the first time I talked about it was over a decade ago and it has to do with what are called pixels. Now, marketers...info_outline How Private is Crypto? What About WhatsApp and Signal?
Craig Peterson - America's Leading CyberSecurity Strategist
How Private is Crypto? What About WhatsApp and Signal? Cryptocurrencies were thought to be like the gold standard of security, of having your information stay private. Maybe you don't want to use regular currency and transactions. It's all changed. [Automated transcript follows.] [00:00:14] We have had such volatility over the years when it comes to what are called cryptocurrencies. [00:00:21] Now I get a lot of questions about cryptocurrencies. First of all, let me say, I have never owned any cryptocurrencies and I do not own any crypto assets at all. Most people look at crypto currencies and...info_outline Using Punchlists to Stop Ransomware
Craig Peterson - America's Leading CyberSecurity Strategist
Using Punchlists to Stop Ransomware I really appreciate all of the emails I get from you guys. And it is driving me to do something I've never done before now. I've always provided all kinds of free information. If you're on my email list, you get great stuff. But now we're talking about cyber punch lists. [Automated transcript follows] [00:00:16] Of course, there are a number of stories here that they'll come out in the newsletter or they did, excuse me, go in the newsletters should have got on Tuesday morning. [00:00:26] And that's my insider show notes, which is all of the information...info_outline Do You Know How Crypto's Nose-dive Will Even Hurt Your 401K?
Craig Peterson - America's Leading CyberSecurity Strategist
Do You Know How Crypto's Nose-dive Will Even Hurt Your 401K? Hey, it looks like if you did not invest in "Crypto," you were making a smart move! Wow. We got a lot to talk about here. Crypto has dived big time. It's incredible. What's happened? We get into that and more. [Following is an automated transcript] Hi everybody. Craig Peterson here. Appreciate your joining me today. Spend a little bit of time with me. It's always a fun thing to do thanks for coming in. And Thanks for sticking around. [00:00:29] Crypto currencies. It's a term for all kinds of these basically non-government...info_outline Facebook Has No Idea Where Your Data Is and What They Do With It?!
Craig Peterson - America's Leading CyberSecurity Strategist
Facebook Has No Idea Where Your Data Is and What They Do With It?! Facebook's about 18 years old coming on 20 Facebook has a lot of data. How much stuff have you given Facebook? Did you fall victim for that? Hey, upload your contacts. We'll find your friends. They don't know where your data is. [Following is an automated transcript] [00:00:15] This whole thing with Facebook has exploded here lately. [00:00:20] There is an article that had appeared on a line from our friends over at, I think it was, yeah. Let me see here. Yeah. Yeah. Motherboard. I was right. And motherboards reporting that...info_outline Did You Hear How the FBI, NSA, and CIA Got Tracked Because of Their Smartphones? How About You?
Craig Peterson - America's Leading CyberSecurity Strategist
Did You Hear How the FBI, NSA, and CIA Got Tracked Because of Their Smartphones? How About You? You're worried about surveillance. Hey, I'm worried about surveillance. And it turns out that there's a secretive company out there that to prove their mustard tracked the CIA, and NSA yeah. Fun thing. [Following is an automated transcript.] [00:00:16] This is a company that is scary. We've talked before about a couple of these scary guys. [00:00:22] There's this Israeli company called NSO group. And this it is, so group is absolutely incredible. What they've been doing, who they'll sell to these....info_outline How Does Big Government Collaboration With Big Tech Raise the Costs of Everything?
Craig Peterson - America's Leading CyberSecurity Strategist
How Does Big Government Collaboration With Big Tech Raise the Costs of Everything? We're going to talk about the Senate bill that has big tech scared, really scared. I'll talk about a new job site problem for a number of different industries because of hackers, the cloud, the cost and reliability. [Following is an automated transcript] This tech bill. It has the Senate really scared. He is frankly, quite a big deal for those of you who are watching over on of course, rumble or YouTube. I'm pulling this up on this screen. This is an article. ARS Technica and they got it originally from...info_outline Did You Hear About the Latest Rip-Off? Non-Fungible Tokens! How Law Enforcement Tracks Bitcoin!
Craig Peterson - America's Leading CyberSecurity Strategist
Did You Hear About the Latest Rip-Off? Non-Fungible Tokens (NFTs) Are Already Losing Steam! [10:54] How Law Enforcement Tracks Bitcoin! It is Absolutely NOT Anonymous [20:05] The FBI Is Actively Removing Malware From Private Machines -- Without The Owner's Permission [29:10] Why and When You Shouldn't Trust QR Codes [41:08] Cybercrime in Russia Tracked to a Single Office Building in Moscow! [52:29] The Newest Phishing Scams [01:01:32] Using Wordpress? How Supply Chain Attacks are Hurting Your Business Website [01:10:43] Cybersecurity Tools You Should Be Using! Jam packed today. We're going...info_outline Are You Ready For Data Wiping Attacks?
Craig Peterson - America's Leading CyberSecurity Strategist
Are You Ready For Data Wiping Attacks? Yet another warning coming out from the federal government about cyber security. And this one is based on what's been happening in Ukraine. So we're going to talk about that situation, the whole cyber security over there and why it's coming here. [Automated transcript follows] CISA is the cybersecurity and infrastructure security agency. How's that for a name it's not as bad as what does that shield right over from the Marvel universe, but the cybersecurity and infrastructure security agency is the agency that was created to not just protect federal...info_outline Which Anti-Hacker Techniques Can You Use Against the Russian Hackers?
Craig Peterson - America's Leading CyberSecurity Strategist
Weekly Show #1158 We know the Russians have been attacking us. I've talked a lot about it on the radio and TV over the last couple of weeks. So I am doing something special; we are going through the things you can do to stay safe from the latest Russian attacks. Last week, we started doing something I promised we would continue -- how can you protect yourself when it comes to the Russians? The Russians are the bad guys when it comes to bad guys. So there are a few things you can do. And there are a few things; frankly, you shouldn't be doing. And that's precisely what we're going to talk about...info_outline
Are You Ready For Data Wiping Attacks?
Yet another warning coming out from the federal government about cyber security. And this one is based on what's been happening in Ukraine. So we're going to talk about that situation, the whole cyber security over there and why it's coming here.
[Automated transcript follows]
CISA is the cybersecurity and infrastructure security agency. How's that for a name it's not as bad as what does that shield right over from the Marvel universe, but the cybersecurity and infrastructure security agency is the agency that was created to not just protect federal government systems, although they are providing information for.
[00:00:41] People who protect those systems, but also for businesses and you and me and our homes. So they keep an eye on what's happening, what the various companies out there are finding, because most of the cybersecurity information that we get is from private companies and they. But it altogether, put it in a nice little wrapping paper.
[00:01:05] In fact, you can go onto their website anytime that you'd like to, and find all kinds of stuff that is going to help you out. They've got a ton of documents that you can download for free little steps that you can take. It's at csun.gov, C I S a.gov. And they've got the known exploited vulnerabilities catalog.
[00:01:30] That's something that we keep up to date on to help make sure our clients are staying ahead of the game. They've also got their review board securing public gatherings. They also run the stop ransomware.gov site that you might want to check out. And we'll be talking a little bit more about ransomware and the ways to protect yourself a little later today.
[00:01:52] Now Seesaw is interesting too, because when they are releasing information, most Americans really aren't aware that they even exist. They do. And they've got a big warning for us this week. There's a site that I follow called bleeping computer that you might want to keep an eye on and they have.
[00:02:15] I'll report just out this week that you, crane government agencies and corporate entities were being attacked. This was a coordinated cyber attack last Friday, a week ago, where websites were defaced data wiping malware was deployed and causing all of these systems to become not just a corrupt, but some of these windows devices to be completely.
[00:02:45] Operable now that is a bad thing. The reason for this, this is speculation, but it isn't a whole lot of speculation. Right? Am I getting out of, on a limb here particularly, but the whole idea behind this is a cyber war, that Russia's got, what is it now? 130,000 troops, whatever it is over a hundred thousand.
[00:03:08] On the border of Ukraine, they invaded Ukraine a few years ago. Russians shot down a passenger airline in Ukrainian air space. This that was a few years back. They've been doing all kinds of nastiness to those poor Ukrainians. They also had a massive ransomware attack in Ukraine. That was aimed at their tax software.
[00:03:35] Some countries do the electronic filing thing a lot differently than the us does. A couple of examples are Ukraine. France is another one that comes to mind. We have clients in France that we've had to help with cyber safety. And we're always getting popups about major security problems in the tax software, because they have to use this software that's provided by the French government.
[00:04:03] Ukraine's kind of the same way. The biggest. Company providing and the tax filing software for Ukraine was hacked and they use that hack to then get into the tech software and make it so that when that software was run by these Ukrainian companies, they would get ransomware. It was really rather nasty.
[00:04:30] So the Russians had been playing games over in Ukraine for quite a while. But what's apparently happened now, is that a thing? Those things, same things are coming our way now. It's not just because of the fact that a Ukraine is being threatened, maybe they're going to encroach even more, take more than Crimea, which they did last time.
[00:04:56] We're in the U S and what are we doing? President? Biden's been sending troops to Europe, troops to Poland, Germany, and also advisors to the Ukraine. He's removed the embassy staff, at least the vast majority of it from Ukraine. And I just I think. To what happened with his completely unplanned withdrawal that we did in Afghanistan and how things just got really bad there.
[00:05:28] And I'm not worried about what's going to happen in Ukraine because the Russians aren't particularly fond of the idea that we are sending aid and support to. Yeah, it's a bad thing. President Obama sent them blankets, but Biden is sending them military weapons and ordinance, which is what they'd need to fight.
[00:05:53] So Russia has shown that they will attack a country via electronic means cyber means, right? Cyber attacks. And so what's happening now is the bad guys from. That have been the facing websites and who have been doing more than that, wiping computers and making them completely unusable could well come after us because they're really going to be upset with what's happening now.
[00:06:27] And that was CNN has reported the Ukrainian it services company that helped develop many of these sites was also a big. And of course that means bottom line, that this is what's called a supply chain attack. What I mentioned earlier with the Ukrainian tax software, that's a supply chain attack where you are buying that software, or you're mandated to use the software to file your taxes by the government.
[00:06:57] And what happens while it turns out that software is contaminated, that's called a supply chain attack. Now crane issued a press release about a week ago, saying that the entities were hit by both attacks, leading them to believe that they were coordinated. This is a quote here. Thus, it can be argued with high probability that the interface.
[00:07:24] Of websites have attacked government agencies and destruction of data by Viper are part of a cyber attacking, but causing as much damage to the infrastructure of state electronic resource that's from the Ukrainian government, not the best English, but their English is much better than my Ukrainian or Russian.
[00:07:44] So you, crane is blaming these attacks on Russia, incomes, CS. So you says now urgent. Business people in the us and other organizations to take some specific steps. So quote, here from the Seesaw insights bulletin, the CSO insights is intended to ensure that senior leaders at the top of every organizational where the cyber risks and take urgent near term steps to reduce the likelihood and impact of a potentially damaging compromise.
[00:08:19] All organizations, regardless of the sector or side should immediately implement the steps outlined below. So here's the steps and there are a lot of them. One I'm going to do these, you should find in your newsletter today. Hopefully that all made it in. But three basic things. One reduce the likelihood of a damaging cyber intrusion.
[00:08:46] And we're going to talk about the best way to do backups here a little later on today. Make sure your software is up to date. Make sure your organization's it personnel disabled, all ports and protocols, not essential for business purposes. This is all basic stuff, but I got to say. I bet you, 98% of businesses and organizations, haven't done these things.
[00:09:07] The next major category here, take steps to quickly detect a potential intrusion, and then ultimately maximize the organizations resilient to destructive. Incident. So that means doing things like testing your backup procedure, make sure your data can be restored rapidly, or you have a way to get your business back online quickly.
[00:09:31] What we tend to do is in our backup strategy, depending on how much the company can afford, to be down. To be out of business if they lose all of their stock versus what it costs to do this, but we will put a server on site at the company and that server then does some of the backups, right? It does all of the initial backups.
[00:09:55] And then what happens is it gets relayed to us. It gets pushed to tape and tape is really good. We'll talk about that in just a few minutes, but the other big thing is. The backup that we have local to their business also has what's called a virtual machine infrastructure built on it. So if a machine goes down, If it gets wiped or if it just crashes and can't be recovered easily, we can spin up that machine.
[00:10:27] A copy of it in our little virtual environment in just a matter of minutes. So these are all things you should be considering. If you're interested, you can send an email to [email protected] I can send you a checklist that a little more extensive than this, or I can help you with any other questions you have.
[00:10:47] I get lots of questions every week from everything for on retirees, wondering what they should do all the way through businesses that we help government contractors and others. This isn't good. Russia is likely coming after us. Based on this. Visit me online. Craig peterson.com or email [email protected] with your questions.
[00:11:14] With all of this talk about hackers, ransomware data, wiping systems. What's the best way to protect yourself, but what do you do to really protect against ransomware? I can tell you, it's not just plugging another hard disk into do backup.
[00:11:31] We've got so many hackers out there. We're talking about a multi-billion dollar industry to go after us.
[00:11:39] It's just depressing. Really. When you think about it, I think about the old days where security, wasn't a huge concern, right? Physical security. I had one of my first jobs was at a bank and I was, this was back way back in the a G it would have been the mid seventies and I was one of the operators of the main.
[00:12:05] And so as a mainframe operator, we'd load up the tapes and we would ship them places. We'd also go ahead and put them in the vault so that they were in a fireproof vault, and we could recover anything we needed to recover. It worked out pretty darn well, and it was a fun job, but most of the time it was cleaning the tape drive heads and taking those tapes, those big round tapes, you might remember those.
[00:12:33] Nine track tapes and maybe the fancy stuff, 52 50 BPI or 800 BPI of one end or the other, or the spectrum. And we just had to make sure they were physically safe nowadays of course, mainframes are still around and are still absolutely fantastic. They're just phenomenal. Some of the technology IBM has in their mainframes.
[00:12:59] Most of us, aren't using those. Most of us are using a regular computer or I'm sitting in front of a Mac right now that I use for the radio show. We have windows, computers, Linux machines, right? All of those things that we have in our business and that we maintain securely for our clients. But what do you do when we're talking about random?
[00:13:23] You can cross your fingers and hope that you'd hope you don't get ransomed. That sort of a practice doesn't usually work out too well for people, but you can do backups and many people do. So let's talk about the backups. Let's say that you have your computer and you're doing a backup and you have one or two generations worth of backups for your company.
[00:13:47] Ransomware nowadays does not just typically destroy your whole disk. Usually what it does is it encrypts files like doc files, doc X, right? Excel files, all kinds of files that thinks might be useful to you. And then of course, the rest, it pops up says, pay me. And off you go. The reason for that is so your computer still works so that you can enter in the decryption code.
[00:14:18] Once you've paid the ransom, hopefully it works for you give or take 50% of the time. You will get your data back. If you pay the ransom much of the time. But let's go back to that one or two generations of backup. You're using a cloud service, let's say, and your computer gets ransomware. That cloud service backup software will still work.
[00:14:43] What if it's working? So you're now backing up your encrypted files to the backup site in the cloud. Do you see where I'm going with this? Your backups? No. Same thing is true. If you're backing up to a local hard disk, many people do it and it's handy. I recommend that you do that, but it's not all you should do.
[00:15:08] So that disc is attached. We had a. Boy, who was it here? Yeah, we have a client in Maine and they have a really smart system administrator and he designed these disk drives that would physically disconnect themselves from a machine when the backup was not running and would physically connect themselves when the backup.
[00:15:34] Was running. So the idea there was okay, great. We've got a local backup on a local disk and if the bad guys managed to get a hold of the machine, they're not going to be able to encrypt the. And, as long as the backup isn't running, I thought that was a brilliant solution. Doesn't solve some problems, but it certainly takes care of some others.
[00:15:58] So if you are doing a backup, you've got to make sure you've got multi generations. I tend to keep a year's worth. Now there's other considerations. There's the federal rules of. Procedures that say you have to have bad cops. They have to go back years. And there are also other things the payment card industry requires certain types of backups.
[00:16:25] If you are a government contract, We have them as clients and they have certain data retention policies based on the length of the contract. They have keep it for some years afterwards. It goes on and on. So if your data is lost or stolen or encrypted, and your backup is encrypted or deleted, You are in real trouble depending on the type of business you're in.
[00:16:56] So what's the right answer to this. I've talked about 3, 2, 1 backup for a long time, and it's still a very good methodology for doing backups, but nowadays they're talking about 3, 2, 1, 1 backup, which is again, that's a bit of a different methodology. In doing backups, but the idea is you've got multiple copies of your data on multiple types of media in multiple places.
[00:17:29] That's the bottom line. What is the gold standard for this? I it's something that gets to be a little expensive. Again, we have another client that we've had for years, and they are looking for a replacement for the backup system. Now. And so we proposed something that's based on what's called LTO technology, which is a type of a tape drive.
[00:17:55] It's a small cassette, right? It's not those big 12 inch reels of tape that we used to lug around and it's amazingly dance. The new LTO tape drives have space on them for as much as 45. Terabytes of information. It's also great because it's encrypted by hardware, government level encryption automatically, and those tapes can be taken offline.
[00:18:25] You can take the tape. Now we picked up a client who had been doing backups and they were using little USB drives and every day he'd take the drive home and bring in the next drive. So he had five drives, right? So he had the drive for Monday, Tuesday, Wednesday, Thursday, Friday. And he was taking them home, but he missed one of the key things to check the back.
[00:18:53] He hadn't checked the backup and their backup had not been running for more than a year and a half. So that's the other thing you have to do? The LTO tapes are really the gold standard. It goes back to that for one of the first jobs of mine, right? The job I mentioned, where I was mounting tapes and filing them and moving them around and mountain disc packs and pulling them out and everything.
[00:19:19] It still makes sense. They'll last for decades, they cannot be hacked because they are literally offline. You can ship them to places to have them stored. I have a course on backups and if you're really interested, send me a an email to [email protected] And I'll go ahead and. Send you a link to the course, you can watch it.
[00:19:48] But yeah, I think this is really important. Of course, I'm not going to charge you for that, but magnetic tape it's established. It's understood. It's proven it's been around for many decades and LTO tape is unique. It needs all five best practices for addressing ransomware. Even be able to recover.
[00:20:12] If you want more information, just email [email protected] or sign up for my free newsletter. Craig peterson.com.
[00:20:22] Switching from gasoline powered engines to these new electric cars is no environmental panacea. At least that's what West Virginia university is saying. And the E. Just changed its mind as well.
[00:20:38] Ford of course, about a year ago, unveiled its new electric.
[00:20:43] F-150 the lightning and Ford has stopped taking orders for them because they are going to have to make double what they thought they would have to make. Ford also has a similar problem with yet another electric vehicle. The Mustang GM is doing a few different electric. Coles. And so is everybody else, frankly, Porsche even now has an electric car out.
[00:21:11] That is all well and good. Isn't it. And there's certainly problems, particularly with manufacturing nowadays, trying to get the CPU's and other electronic components you need. They're even having trouble getting electric motors for electric windows in vehicles. Now they're coming. Crank window with a little coupon saying later on, we'll convert it to electric for you all kinds of problems, but there's one that I haven't heard anybody but myself talk about.
[00:21:44] And so I was online looking around, doing some searches, seeing if I was, like the only one there's no way right now, I'm not the smartest person in the world. I don't pay the most attention to everything. And I found that. Virginia university is in total agreement with that with me, it's just amazing.
[00:22:06] They looked at recent trends and they're cautioning as I have been for years, at least a decade. Now they're cautioning about what seems to be a race to put more electric vehicles. On the road. And the problem is that these electric vehicles in their demand for electricity may well out, run what's needed to keep the vehicles on the road.
[00:22:35] So here's a quote from them. The electric grid will struggle to handle the quick charging of very many electric vehicles at the same time. Okay yeah, by the way, like hardly any quick charging is generally what everyone thinks about, like going to the gas station, getting a full charge in 10 to 15 minutes, which would be a tremendous instantaneous load on the local distribution center.
[00:23:03] My concern is the huge power dumps required at quick charging stations along the interstate. It sounds good, but it'll require a lot of new infrastructure to get the power to the charging stations, as well as building those charging stations. So where does the power come from? Power storage is going to be required if we're going to also move towards fixing.
[00:23:28] Power sources such as solar and wind. We do not have power storage capability yet in large enough quantities to do this on a large scale. Solar does not work at night. The wind doesn't blow all the time. Also, we do not have the distribution on the streets to move fast charging into residential neighborhoods on mass.
[00:23:52] Electric vehicles are great, but we have not fully considered the impact it'll have on our electrical grid infrastructure. It will require a lot of expansion of our electrical distribution and charging facilities. Remember, electric power comes from the power company. I heard an interview with a lady the other day, and they asked her, where does the electricity come?
[00:24:15] She said, From the plugin, the wall, right? We must consider this when considering wide-scale electric vehicle adoption, much as there is to gain from electric vehicles. I don't believe we're ready yet as a society for completely electrical vehicle transportation system. With time and infrastructure development, we can be.
[00:24:37] I totally agree. This is Rory Nutter, professor lane, department of computer science, electrical engineering, Benjamin M. Slater, college of engineering and mineral resources. I totally agree with that. We don't have the ability to generate the electricity. We don't have the ability to store the excess electricity.
[00:25:01] So in other words, if we're using solar at nighttime, we don't have the sun, we can't run solar. So we got to store the solar. And in fact, we have to make about twice as much electricity as we need during the day so that if we can store it, we can then use it in. The same thing with wind, right? It's fickle.
[00:25:24] It just doesn't work that well. So what do we need? Basically right now, we need to stop turning off our coal powered plants, our natural gas plans and our nuclear plant. Because we need to still have electricity. Look at what's happened last year. And this year over in Europe with the crazy cutbacks that they've been doing on some of these plants, coal nowadays with the scrubbers that are on our cold powered, flat plant is clean energy.
[00:25:58] It's not like the old days where you lived on the south side of the tracks and you got all of the wind blowing towards you that had all of that nasty cold ass. You ever seen any of those pictures? It was just terrible. All of that nasty sitcom. It's not something we need to worry about nowadays.
[00:26:16] The other big thing that ties into all of this is so how do we generate our electricity cleanly? A hundred percent cleanly? Nothing. Per cent, but just a couple of weeks ago, the European commission presented their 27 members states with new draft rules that classified natural gas and nuclear power as green fuels for electricity generation.
[00:26:47] Listen, if we want electric cars, which as we've talked about before are highly polluting. Yes. Because of the materials in them, because of the materials that go into the batteries, having to mine it, having to ship it, having to process it and then having to change out those battery packs after 80,000 or a hundred thousand miles.
[00:27:09] Did you see this guy? There was a meme in the video about this online a few weeks ago. How to test. His Tesla needed a battery replacement. It would cost him, I can't remember what it was. 20, $30,000. A lot of money. So he decided to just blow up the car. That's all it took. I saw another Tesla that had water damage.
[00:27:33] From, being down in new Orleans or somewhere, the flooding occurred. And the guy bought that Tesla because Tesla won't sell the parts to fix the car after the water damage. And so he ripped out the batteries, ripped out the electric motors and he bought a high power engine. And gasoline and put it into the Tesla and made really, quite a very cool car.
[00:28:00] You can find it online if you want to look for that, it's quite cool. What they ended up doing. It took us quite a while to do it, but they did it. So now that we're seeing. That nuclear is green. Let's talk about why we've been so afraid of nuclear. One of the biggest problems of course is so what do you do with all of the waste?
[00:28:20] And that's a legitimate question, but what you're really talking about when you ask that question are the reactors that went online 50 years ago, or that were approved 50 years ago because of the regulations. There are. These nuclear plants that have been provisioned in the last 20 years that are still using that old technology.
[00:28:43] So when we get back, we're going to talk about this more. What about the waste? What our fourth generation nuclear power plants, how safe are they when they say they're intrinsically safe? What does that mean? And how and why? Because I'm predicting to this point that we're going to have to switch back to nuclear and even the European union, if you can believe it agrees with.
[00:29:13] Hey, make sure you take a minute. Go online. Craig peterson.com. Subscribe to my free newsletter. You can get it right there. I send you out stuff every week. And this week is no exception. We've got a bunch of bullet points that if you are in a business position, you got to protect yourself immediately. So I tell you how Craig peterson.com.
[00:29:38] So what are these new rules for nuclear energy? And why is it absolutely necessary that we do something like this? Get fourth generation nuclear online. If we can even consider electric vehicles on our roads.
[00:29:55] Things have changed in the European union. They've been trying to figure out how they're gonna handle all of these electric vehicles, how they're going to properly handle all of the solar cells and the wind turbines.
[00:30:09] And there's even some work over in the EU. To get the tide to generate electricity, some very cool stuff. Actually, that's been done, I love tech and I'm into all of this stuff, frankly. I think we should be doing a lot of it. What I don't think we should be doing. Is getting ahead of ourselves. And unfortunately that's really what's being going on.
[00:30:35] We don't have a grid that can really use the electricity that we can generate from our windmills, from our solar cells, from anything, frankly. And we cannot. All of that electricity that we might be generating and somehow have that electricity be stored and used distributed appropriately to our charging station.
[00:31:03] And our grid was built and designed to have a few central point where the electricity is made, where it's generated and then distributed to some pretty specific types of things like housing, development, businesses, et cetera. You can't just go ahead and open a big business man. in a residential area.
[00:31:25] And part of the reason for that is the grid isn't set up for it. You don't have three phase power going into residential areas or even more than that, you don't have the high voltage, the high current, et cetera. So how are you going to be able to quick charge electric cars in the regular residential neighborhoods?
[00:31:47] I w how about at a hotel? Yeah. Okay. A hotel is probably. Multiple phases and has a fair amount of power there, but the amount of strain that's put on the grid by trying to just rapid charge a single car is huge. So how can we deal with that as well? The quickest and easiest way to deal with it is just put more large power plants online.
[00:32:13] Some people don't like that. Don't like that idea at all, frankly, but we're not ready. What are we going to do? Look at what happened in Texas with a fairly minor reliability or re reliance, I should say, on these windmills last winter and things with this winter, as cold as it's been, that could really cause some just incredible problems.
[00:32:40] Nuclear is being reconsidered, particularly fourth generation nuclear power plants. The greenhouse gas emissions from nuclear power are one 700th of those of coal. The nuclear power plants produce one, 400th greenhouse gas emissions of a gas plant, and they produce a quarter of the greenhouse gas emissions from solar.
[00:33:09] Now you're saying, Hey Craig, come on, I get it. Wait a minute, solar, how can solar produce greenhouse gas? It does. And it produces greenhouse gases because of the manufacturing processes, as well as of course it off gases. So how do we make all of this stuff work? We all saw the China syndrome and we heard from experts like Jane Fonda, how we would all die.
[00:33:34] If we put a nuclear power plant. These are intrinsically safe, power plants much different than they used to be. Nuclear power frankly is a much safer business than most people think it is. They no longer these new plants produce. The the nastiest what's called high level nuclear waste.
[00:34:00] They can reprocess it right there in the plant. They can start in fact where some of the nuclear waste though has been generated from the older nuclear plants and get rid of that. It's amazing. So people are asking okay. Plutonium might have a half-life of 24,000 years, but it doesn't emit much radiation.
[00:34:23] We get that. How about the higher levels of radiation? Because some of it can last for hundreds of thousands of years. According to the U S radiation expert, Robert Gale for every terawatt hour of electricity produced nuclear energy is 10. To 100 times safer than coal or gas. What it does emit are alpha particles, which do not even penetrate human skin.
[00:34:54] They've done all kinds of risk assessments and tried to figure out what's going to happen. What can we do? And I'm not going get into all the details here, but it is intrinsically safe because. What really happens is that the, these new plants he's fourth generation, a newer plant are instead of using water, for instance, that can do reactors out of Canada, use heavy water in order to cool those rods.
[00:35:25] It was same sort of thing we've had in the meltdowns before they're using a liquid silica inside. They're set up in such a way that they do not need to have pumps running. So the Fukushima reactor that you might remember in Japan that failed because of the tsunami and the fact that one fact, this is what was their killer that their electrical generation from the diesel generators went offline.
[00:35:56] Why did it go offline? Oh, I can see the grid going offline, but how about a diesel generator? If you have a below sealer, And the water comes in. You're in big trouble now. They didn't have it like below, permanently below sea level and Fukushima. But when that tsunami wave came in, it was below sea level.
[00:36:16] They just, man, we could talk for a long time about the problems that they had over there. The nepotism, the line on the forums. They fact they did not do the upgrades that the manufacturer has suggested on and on. So these new reactors can lose all power and you won't have a China store. They won't go through a meltdown and they're even designed in such a way, the way using physics things called the law of gravity, who would have thought, right?
[00:36:51] So that what happens in the worst case scenario is no one gets hurt. It just eats in on itself and then stops runs out of. So we've got to remember all of this stuff. Okay. The nuclear power of yesteryear is not the nuclear power of today. And the nuclear power of today is so green and so safe that even the European commission presented new draft rules that said to the natural gas, nuclear power, our agreement.
[00:37:29] Fuels for electricity generation. So assuming the rules are approved and Francis in favor, Germany isn't as into nuclear power. In fact, they plan on having all of their plants shut off by the end of 2025, which is crazy because they're already having serious problems with their solar and wind.
[00:37:53] And that's why they're buying so much natural gas now for. Yeah, American influence dropping over there. Thank you again, president Biden for allowing that pipeline to go through. All right. Anyhow. They're assuming they're approved Germany. Apparently isn't likely to try and block these rules. It means that nuclear, the new nuclear force generation or newer is going to be right there alongside renewables, like wind and solar on the list of the EUS technology that are approved for financial support.
[00:38:30] Now, this is very good news because as I mentioned earlier, What happens when it comes to solar at nighttime doesn't work solar. When it's raining, doesn't work solar. When it's snowing, doesn't work solar. When it's cloudy, doesn't work. Ryan, how about the windmills? When the wind is. They don't work when they break down, which happens a lot due to mechanical failures, they don't work.
[00:39:02] So having the. New nuclear plants that are intrinsically safe, that don't generate this really nasty radiation, and stuff that we have to store for a thousand years, et cetera. The high level nuclear waste makes a lot of sense because unlike the. Solar plants or other things that might be on someone's house that cannot be easily controlled by the central grid.
[00:39:32] In other words, Hey, stop generating electricity because I got enough right now. And what Germany has been doing is putting it into heat sinks, heating up lakes and other things, to get rid of that extra solar energy people are generating on their homes and businesses. What you can do is, Hey, we are at the point where we don't have enough sun.
[00:39:54] It's really cold. People are trying to heat their homes, or it's really hot. People are trying to cool to their homes. And yet it's raining heavily or there's a lot of clouds. So all you have to do at that point is turn off. That nuclear power plant or multiple plants. You see the way it's going.
[00:40:12] You're not going to have some massive plant with a bunch of reactors. No. Where they're going with this is to have community reactors in the multi megawatt range that can be put into communities and the power distributed directly. Into the community and these power plants are good for 20 years and these new ones, they are typically going to be buried in the.
[00:40:41] And then every 20 years they get dug up, put onto a truck, shipped off, they get recharged, brought back and you're off and running again, a whole different concept. And I love it. We're starting to do this in the United States. We've got some early approvals for some of these, and I was shocked and amazed and happy that the Biden administration has decided.
[00:41:06] To approve the new nuclear here in the United States. So there'll be some test plants going online relatively soon. That just makes so much sense. These 50 year old nuclear red regulations and plants, they just don't work. Make sure you visit me online. Craig peterson.com. I'm going to have a lot of stuff for you every week.
[00:41:32] Craig peterson.com.
[00:41:37] The hacker world got turned upside down this past week as Russian president Putin decided to crack down on the hackers. Now, this is a very big change for Russia. We're going to talk about my theories. Why did this happen?
[00:41:54] As we keep you up to date, russian hackers have long been known to go after basically whoever they want. They have really gone after the United States and other Western company countries.
[00:42:10] And as part of what they've been doing, they have been making a lot of money and keeping Vladimir Putin pretty darn happy. He's been a happy because they're bringing more. Into mother Russia, he's happy because they are causing confusion amongst Russia's competitors out there, particularly the United States.
[00:42:35] But there's one thing that Putin has been absolutely steadfast. And that is not allowing any of the hackers to go and hack any of the countries that are part of their little pact over there. Think of the old Warsaw pack they got that band back together. So as long as they didn't harm any Russian or, a affiliated country, They could do basically whatever they wanted and they did.
[00:43:09] And they have caused a lot of trouble all over the world. So Friday Russia. As security agency announced that it had arrested members of the cyber gang called reveal. Now we have talked about them for a long time. They have come and gone. The FBI and other countries have shut down their servers.
[00:43:37] So reveal disappears for awhile. Then pops his head up again. And Russia said that they arrested members of revival who were responsible for massive ransomware crimes against us companies the last year. So why would they do that? I'm looking right now at the Russian website here, that's part of the FSB.
[00:44:06] And it's saying that the Russian federal security service in cooperation, the investigation department of the ministry of internal affairs of Russia in the cities of Moscow St. Petersburg, Leningrad lips. As, I guess it is regions. They stop the illegal activities, a members of an organized criminal community and the basis for the search activities was the appeal of competent U S authorities who reported on the leader of the criminal community and his involvement in an encroachment on the information, sir, resources of foreign high tech companies by drusen militia software, encrypting information and extorting money for its decreased.
[00:44:52] Now that all sounds like the stuff that Vlad has been just a happy about in years past. So why did this happen? What brought this about nowadays in this day and age? What is he doing? I've got a little bit of a theory on that one because there have been some interesting development. One of them is this hacker.
[00:45:19] In Belarus. Now, Belarus is one of those countries that's closely affiliated with Russia friend of Russia, right? Part of the old Warsaw pact. And you might remember that Bella ruse is right there by you. And of course, we've got this whole issue with Ukraine and whether or not Russia is going to invade president and Biden said something incredibly stupid where he said, yeah a moral response is going to depend upon what Russia does, if it's just a minor invasion.
[00:45:57] You're you remember? The president Biden's saying that just absolutely ridiculous. And then of course, the white house press secretary and various Democrat operatives tried to walk the whole thing back, but it's a problem because Russia has, what is it now like 120,000 troops on the border.
[00:46:17] Now, if you know anything about history, you know that the military army. March on their stomachs, right? Isn't that the expression you've got to feed them. You have to have a lot of logistics in place. In fact, that's what really got a lot of the German military in world war two. Very nervous because they saw how good our logistics were, how good our supply chain was.
[00:46:43] We were even sending them. They cakes to men in the field that they discovered these cakes in great shape. And some of the German armies, particularly later in the war, didn't even have adequate food to eat. What do you think is happening with the Russian troops that are sitting there?
[00:47:01] They need food. They need supplies, including things like tanks, heavy artillery, ammunition. All of that sort of stuff. So how do they do that? They're moving it on rail, which they have done in Russia for a very long time. You might remember as well in world war II, the problems with the in compatibility between the German rail gauge and the Russian rail gauge as Germany tried to move their supplies on Russian rails and Soviet rails, ultimately, but on Russian rails and just wasn't able to do.
[00:47:37] So hacktivists in Bella ruse right there next to Ukraine said that they had infected the network of Bella Russa's state run railroad system with ransomware and would provide the decryption key. Only if Bella Reuss president stopped. Russian troops ahead of a possible invasion of Ukraine. So this group, they call themselves cyber partisans wrote on telegram.
[00:48:11] Now I got to warn everybody. Telegram is one of the worst places to post something. If you want some privacy, excuse me, some privacy, some security it's really bad. Okay. No two questions. So they have, apparently this is according to what they wrote on telegram. They have destroyed the backups as part of the pec low cyber campaign.
[00:48:36] They've encrypted the bulk of the servers, databases and work station. Of the Belarus railroad, dozens of databases have been attacked, including, and they name a bunch of the databases. Automation and security systems were deliberately not affected by a cyber attack in order to avoid emergency situations.
[00:49:00] They also said in a direct message that this campaign is targeting specific entities and government run companies with the goal of pressuring the Belarus government to release political prisoners. And stop Russian troops from entering Bellaruse to use its ground for the attacks on Ukraine. Now, this is frankly fascinating from a number of different angles.
[00:49:26] One is, it is very easy nowadays to become a cyber hacker. And in fact, it's so easy. You don't even have to do anything other than send N E. And it's been done, frankly. It's been done people who are upset with a, an ax, for instance upset with a particular company, you can go onto the dark web and you can find companies.
[00:49:53] And this revival company was one. That will provide you with the ransomware and they will do everything for you except get that ransomware onto a computer. So you could bring it in to an employer. You can send it by email to the ax. As I mentioned, you can do a lot of stuff. And then the. Ms. Cyber hacker guys, the bad guys will go ahead now and they will collect the ransom.
[00:50:24] They'll even do tech support to help the people buy Bitcoin or whatever currency they want to have used. And then they take a percentage. So they might take 30% of it. There's a whole lot. We can talk about here too, including trust among thieves and everything else. It is easy to do this. So to see an organization like these cyber partisans, which I'm assuming is an organization, it could be as little as one person taking ransomware, going into specific computer systems breaking in.
[00:50:58] Because again, even here in the U S how many of us have actually got their computer systems all patched up to date? The answer to that is pretty close to zero. And they can now go after a government, they can protect their friends. It's really something. When you start thinking about it, right? No longer do you have to be North Korea or China or Russia in order to hack someone to the point where they commit.
[00:51:31] And in this case, they're not even after the money, they just want these political prisoners freed and they want Russia to stop shipping in troops supplies, into the area in Belarus next to or close to. Very fascinating. There, there is a whole lot of information about this online. If you're interested, you can read more about it.
[00:51:55] It's in my newsletter, my show notes. I have links to some articles in there, but it really is a tool for the under. We've never really seen this before. It's quite an interesting turn in the whole ransomware narrative. It's just in crazy. That's a quote from a guy over at Sentinel one. Alright.
[00:52:21] Lots to consider and lots to know and do, and you can find out about all of the. One way, subscribe right [email protected] I promise. I'm not going to her Hess. You stick around.
[00:52:38] We've heard a lot about automated cars. And of course we talked about them a lot here too, but that original vision of what we would have, it's gone now. It's fascinating. We're going to talk about that journey of automated car.
[00:52:55] To date on technology for years, automakers have been telling this story about how these automated cars are going to drive themselves around and do just wonderful things for us.
[00:53:10] And as part of that, they've decided that. The way it's going to work. And I remember talking about this, cause I think it's a cool idea is that there will be fleet of these vehicles think about maybe an Uber or Lyft where you get on the phone and you order up a card and it says, Hey that driver will be here.
[00:53:30] Here's the license plate, the driver's name and picture. It's really cool, but general motors and Lyft haven't gotten there. They signed in agreement. To have electric autonomous cars as part of Lyft's fleet of drivers. They did a back in 2016, a long time ago. Ford promised what it called robo taxis and that they would debut by 2021 Dimeler of course, the company that makes Mercedes-Benz said it would work with Uber to deploy fleets of their car.
[00:54:12] And the logic was really financial and it made a lot of sense to me, which is why I was so excited. I have car outside. You know about my Mercedes, you. How often do I drive that 40 year old car? Most of the time it's sitting there parked, most of the time, because I don't go very many places very often.
[00:54:35] What would it be like then to just be able to have an Uber or Lyft type app on my phone that says, okay, tomorrow I have a 10 o'clock meeting in Boston and I want a car to take me there. So the. Checks with the servers and figures out. Okay. At 10 o'clock meaning, that means you're going to have to leave at eight 30 in order to get around the traffic that's normally happening.
[00:55:03] And so we'll have a car there for you. So all I have to do is walk out the apple, probably remind me, my butt out of bed and get outside. Cause the car is about to arrive. So the car pulls into my driveway or maybe just stops on the road and the app reminds me, Hey, the car's there I go out. I get in.
[00:55:22] And on the way down, I can work on getting ready for the meeting, getting some things done, just really kicking back, maybe having a nap as we go. And I'm there on time for my 10 o'clock. Just phenomenal. And from a financial standpoint, nowadays, how much is a car costing you? Have you ever done the math on that?
[00:55:44] How much does a typical car loan run you per month? And I also want to put in how about these leases? How many of us are leasing cars? My daughter leaves to Gargan believe she did that. Didn't leave to me. It didn't make financial sense, but maybe that's just because I've been around a while. But looking right now at some statistics from credit karma, they're saying us auto loans, new cars, your average monthly payment is $568.
[00:56:17] For an average loan term of 71 months. Good grief used cars, about $400. A month payment and average loan term, 65 months. I can't believe that I've never had a car loan for more than three years. Wow. That's incredible. So we're talking about six year notes on a new car. Wow. I guess that's because people buy cars based on the monthly payment, right?
[00:56:49] So figure that out. If you're paying $500 a month, how about just paying a subscription service? $500. You can get so many rides a month and you don't have to maintain the car. You don't have to buy insurance. You don't have to make any fixes. You don't have to do anything. And the car will just show up.
[00:57:08] That's what I was excited about. And it had some just amazing implications. If you think about it, it city dwell over dwellers and people who were directly in the suburbs, it'd be just phenomenal. And you could also have the robo taxis for longer trips. You can abandon that personal car. Really alternate.
[00:57:31] So now it's been about a decade into this self-driving car thing that was started. And, we were promised all of these cars, it reminds me of the fifties, we're all going to be driving, flying cars by. George Jetson one, when was he flying around the cities, but that's not happening.
[00:57:52] Okay. The progress on these automated vehicles has really slowed automakers and tech companies have missed all kinds of self-imposed deadlines for the autonomy. Look at what Elon Musk has promised again and again, it's. Basically in 2020, late 2020, it was going to have fully autonomous cars even calls itself dry.
[00:58:15] When it isn't really self-driving, it certainly isn't fully autonomous it more or less drives. It stays in the lane as it's driving down the highway. But the tech companies are looking for other ways to make money off of self-driving tech. Some of them have completely abandoned. There's self-driving cars, the sensors like the LIDAR, and I've had the LIDAR people on my show before they've all gotten cheaper.
[00:58:40] It doesn't cost you $50,000. Now just for one LIDAR sensor, think about what that means to these cars. So some of these manufacturers of these future autonomous cars are shifting to a new business strategy. And that is selling automated features directly to customers. In other words, you're going to buy a car, but that car isn't going to do much.
[00:59:09] Think about the golden key that the tech companies have used for years, right? IBM well-known for that, you buy a mainframe or from IBM or a mini computer from digital equipment corporation, and you have the same computer as someone that has this massive computer. But in fact the difference is that they turn off features and we're seeing that right now.
[00:59:34] I'm, I've mentioned that Subaru before where they are charging people for upgrades, but some of the companies are charging you monthly to use a remote start feature for instance, and many others. So what's happening is a major change. We have the consumer electronic show, right? January 20, 20 and general motors CEO, Mary Barra said that they would quote, aim to deliver our first personal autonomous vehicles as soon as the middle of this decade.
[01:00:07] So again, it slipped, right? I'm looking at it, a picture of what they're considering to be. The new Cadillac car that should be out next year. Maybe thereafter. It is gorgeous. Absolutely gorgeous. But this announcement, right? Yeah. We're going to have autonomous vehicles, middle of the 2020s. She had no specific details at all.
[01:00:33] And apparently this personal robo car project is completely separate from this robo taxi fleet that's been developed by GM's cruise subsidiary. And cruise said it has plans to launch a commercial service in San Francisco this year. So they're going after multiple paths. The logic here is financial.
[01:00:56] The reasoning has changed and they're offering autonomy as a feature for the consumer market. Tesla, Elon Musk, they've been charging $10,000 now for the autopilot driver assistance feature. They're planning on raising it to $12,000 here early 2022 Tesla technology. Can't drive a car by itself.
[01:01:22] But he's going to charge you if you want it. And I expect that's going to be true of all of the major manufacturer that's out there. And by the way, they're also looking at customization, like color changing cars and things. They're going to charge them as features. Hey, stick around. Visit me online.
[01:01:43] Craig peterson.com.
[01:01:46] Just how secure are our smartphones. We've got the iPhones, we've got Android out there. We've talked a little bit about this before, but new research is showing something I didn't really expect, frankly.
[01:02:02] We've got some new research that wired had a great article about last week that is talking about the openings that iOS and Android security provide for anyone with the right tools. You're probably familiar at least vaguely with some cases where the FBI or other law enforcement agencies have gone to apple and tried to have.
[01:02:29] Old break into iPhones. Apples, refuse to do that one in particular, down in Southern California, where they tried to get apple to open up this I phone and tell them who was this person talking to after a shooting of foul of fellow employees at a. It was really something, there was a lot of tense times and we've seen for decades now, the federal government trying to gain access to our devices.
[01:03:04] They wanted a back door. And whenever you have a back door, there's a potential that someone's going to get in. So let's say you've got a. And your house has a front door. It has a backdoor, probably has some windows, but we'll ignore those for now. Okay. And you have guards posted at that front. All in someone needs to do is figure out to how to get into that back door.
[01:03:31] If they want to get into your house, it might be easy. It might be difficult, but they know there's a back door and they're going to figure out a way to get in. And maybe what they're going to do is find a friend that works for that security company, that post of the guards out front. And see if that friend can get a copy of the.
[01:03:51] That'll let them in the back door. And that's where we've had some real concerns over the year years here, a decades, frankly, our first, I remember this coming up during the Clinton administration, very big deal with the. That they were pushing. This was a cryptographic chip that they wanted every manufacturer to use if they wanted to have encryption and the white house and every gov federal government agency, and probably ultimately every local agency had the ability to break any encryption that was created by the clipper.
[01:04:30] In fact, we were able to track Saddam Hussein and his sons and his inner circle. Because he was using some encrypted phones that were being made by a company in England. And that company in England did have a back door into those encrypted phones. And so we were able to track them and we could listen in, on all of their communications back and forth.
[01:04:56] And it's really frankly, oppressed. When that sort of thing happens. So what do you do? What are you supposed to do? How can you make it so that your devices are safe? There are some ways to be relatively safe, but these cryptographers over Johns Hopkins university, Use some publicly available documentation that was available from apple and Google, as well as their own analysis.
[01:05:26] And they looked into Android and iOS encryption and they founded lacking. So they studied more than a decades worth of reports. How about which mobile security features had been bypassed had been a hack. I had been used by law enforcement and criminals in order to get into these phones. They got some of these hacking tools off of the dark web and other places, and they tried to figure.
[01:05:59] So we've got a quote here from Johns Hopkins, cryptographer, Matthew Green, who oversaw the research. It just really shocked me because I came into this project thinking that these phones are really protecting user data. Now I've come out of the project, thinking almost nothing is protected as much as it could be.
[01:06:22] So why do we need a backdoor for law enforcement? When the protections that these phones actually offer are so bad. Now there's some real interesting details of if you like this stuff, I followed cryptography for many decades. Now I've always found it. Fascinating. There are some lightweight things I'm going to touch on here.
[01:06:46] We won't get too deep in this, but here's another quote. Again, Johns Hopkins university on Android. You can not only attack the operating system level, but other different layers of software that can be vulnerable in different ways. Another quote here on iOS in particular, the infrastructure is in place for hierarchal encrypted.
[01:07:10] Now higher are hierarchical. Encryption is various layers of encryption. If you have an iPhone or an iPad, or if you have most Android phones nowadays, if you use a passcode in order to unlock the phone or even a fingerprint or a face. Your method of authentication is used to encrypt everything on the phone, but in reality, everything on the phone is only fully encrypted when the phone is powered off.
[01:07:49] Now that's a real, interesting thing to think about because obviously the phone can't work. If everything's encrypted. It needs access to the programs. It needs access to your data. So what they found bottom line was the only way to have a truly safe machine or a smartphone in this case is to turn it off because when you turn it on and it boots up on first boot, now it gets.
[01:08:20] Either by bio medical information, like your fingerprint or your face sprint or your passcode, it then has a key that it can use to decrypt things. So apple has on the iPhone, something, they call complete protection and that's again, when the iPhone has been turned off on boots up because the user has to unlock the device before anything can happen on the phone.
[01:08:45] And the is protections are very. Now you could be forced to unlock the phone by a bad guy, for instance, or in some cases, a warrant or an order from a judge, but forensic tools that, that they are using the police and the criminals really would have almost no luck at pulling information off of your phone.
[01:09:11] That would be useful at all because it would all be encrypted, right? If they could. So once you've unlocked your phone after that first reboot molt, after that reboot, right? You unlocked it after power up. A lot of the data moves into a different mode that apple calls protected until first user authentication.
[01:09:32] But it's what I call after first unlock. So when you think about it, your phone is almost always in the after first unlocks. Because how often do you reboot your phone? No, it's pretty rare that your phone might do on. And this is particularly true for I-phones might do updates and boot and reboot. And then of course you have to unlock that phone, but it doesn't go much further.
[01:10:01] The net and that's, what's interesting. That's how law enforcement and the bad guys, these Israeli companies and others have been able to get into iPhones and get into Android devices because ultimately if that computer is turned on and you've logged in, there's a lot of data. That's no longer encrypted.
[01:10:22] Oh. And by the way, that's also how some of these attacks occur on our laptops. Particularly if you traveled to. In the memory on that laptop that you close the lid on, you have to re log into is the key to UNHCR, unencrypt, everything, right? Because you logged in once. So all they have to do is freeze the memory, duplicate the memory and put it back in part of the reason, by the way that apple laptops have their memory soldered in you can't do that kind of attack.
[01:10:56] Stick around. We'll be right back.
[01:11:00] VPNs are good and they are bad. It depends on the type of VPN. Many of these commercial VPNs of people are using are actually very bad for you when it comes to your security.
[01:11:17] VPNs are Trump problematic. I did a couple of boot camps on VPNs. Probably I think it was about last year.
[01:11:26] Yeah, it was last spring. And I went through and explained and showed exactly why commercial VPNs are one of the worst things you could possibly do if you want. To stay secure. Now I lemme just give you the high level here. I have given people copies of this, if you're interested in a link to that VPN webinar that I did, I'd be glad to send it to you.
[01:11:57] Just email me Emmy at Craig Peterson, doc. And ask me for the VPN information and I'll send that all off to you. I also wrote something up that I've been sending out to people that have asked about VPNs. Cause it's one of the most common questions we have Franklin, but here's your problem with commercial VPNs?
[01:12:18] Most all of them say, oh, your information safe at zero logging, et cetera. And yet we have found again and again that's not. In fact, it can't possibly be true in almost every case because most of these VPN services are running out of other people's data centers. So they might be in an Amazon data center or IBM or Microsoft.
[01:12:45] And inside that data center, your data is coming in and then it's going to. So let's say you're using a VPN and you're connecting to a website. I don't care. Go to google.com via a VPN. So you're using one of these services. That's advertised all over creation. And what happens now is. Your web request to get to Google passes over that encrypted VPN and comes to an exit point because at some point it has to get onto the regular internet.
[01:13:20] How else are you going to get to that website? On the other side? You can't, unless you get to the regular internet. So at the other side, now the server is that's receiving the end point of view. VPN is going to send the request to Google. Google is going to respond to that VPN server. It's going to be encrypted and sent back to you.
[01:13:43] So what's the problem with that? There's multiple problems. One is the data center can see. That there is the request going up to Google. Now he might not be able to tell who it was. But if that VPN server has been hacked. And let me tell you, it is a big target for hackers, government hackers, as well as bad guys.
[01:14:06] Then they do know who went out there and depending on how it was hacked and how the VPN was set up, they may even be able to see all of the data that you're sending back and forth. It's called a man in the middle of. And some of these VPN services do it by having you install some software on your computer.
[01:14:28] And as part of that installation, they provide you with a master key that they then use to spoon. The keys for the websites. You're going to some, explain that what happens is if you were to go right now on your web browser, go to Craig peterson.com as an example. So Craig peterson.com. I'm typing it in right now in the browser.
[01:14:55] That's directly in front of me. Now you'll see a little lock up in the URL. What does that mean? If you click on that lock, it says something about the connection being secure. Are you familiar with that? What's actually happening is it's using SSL TLS keys, but it's using encryption now to send the data from your computer.
[01:15:24] To my server, that's hosting Craig peterson.com. And then my server is sending all of the webpage back to you. Encrypted. Any fact, a VPN has been established between your web browser and my web server. So why use a third-party VB? Because your data is encrypted already, right? Could it be more simple than that?
[01:15:59] Now, remember again, that the server on the VPM service that you're using is a prime attack target for everybody else. As I said from government agencies through hackers. So your data is likely less safe because if they get a hold of it, they can do all kinds of things to your data and to. And then on top of it, all the VPN service may well be selling your data in order to make money, to support the VPN service because free VPNs, inexpensive VPN sees the ones that are charging you five or 10 bucks a month cannot possibly afford to provide you with that service.
[01:16:51] And in the bootcamp, I go through all of the numbers here, the costs involved. With a VPN service it's not possible to do. They can't make any money off of it. So it is a very big problem for you to use one of these public VPN services. Now, I want to talk about an arc article that was on Z.
[01:17:19] Apparently your old pole, which is of course the police over there in the European nations has seized servers. What servers, VPN servers in Europe. Now they seized the servers because they were used by who was it? Grandma looking at pictures of the grandkids. Was it people watching cat videos who was using the VPN server?
[01:17:45] The paid VPN service. Wow. It was criminals. And when they seized these VPN servers that were also being used by criminals, they found more than a hundred businesses that had fallen victims to attacks. So who uses VPN services? People who want to hide something as well as people who just want to have their data secure.
[01:18:14] Another reason not to use VPN services. So as a part of the joint action by Europol Germany's police Hanover police department, the FBI, UK national crime agency, and others seized 15 servers used by VPN lab dot. Okay. So VPN lab.net net, obviously no longer usable. And they started looking at all of the records that were being kept in these servers and use that to find the criminal.
[01:18:48] Does that make sense to you? So VPN lab.net was according to these charges, facilitating illicit activities, such as malware distribution. Other cases showed the services use in setting up infrastructure and communications behind ransomware campaigns, as well as the actual deployment of ransomware. You like that.
[01:19:12] Now they were using open VPN technology, which is actually very good. As part of that VPN information, I can send you if you're interested, just email me M [email protected] Let me know what you're interested in, and I'll whoop you off an email. Give me a few days I can get behind sometimes, but you can set up your own private VPN server if that's what you want to do.
[01:19:38] And I've gotten instructions on how to do that in that little special report in that email, but They were providing what they called online anonymity, this VPN lab.net service for as little as $60 a year. Okay. You like that? So they provided what they call double VPN servers and a lot of different countries and made it a popular choice for cyber criminals.
[01:20:04] Very big deal. Okay. So be very careful with VPNs. Also be careful of the VPN you might be using for your business. Let's say you've got something that isn't terribly secure or not secure at all as your firewall, right? So you buy a nice little firewall or this is so great. It's not expensive. And I got it online from a big box retailer.
[01:20:27] Most of them out there do not meet. The minimum standards you really need in order to keep your business. And there's only two companies that do one of them, Cisco, and one of them's Juniper, that's it? None of the other firewalls with VPNs meet the minimal standards you need to have, but those be glad to sell it to you.
[01:20:49] They'll be glad to tell you that it's perfectly secure, but it is not okay. Just went through that again with a company this week an engineering firm and at least they understand some of the stuff, but they were trying to do the right thing and they were being misled by these various vendors. So this action against VPN lab took place in January involved with authorities from Germany.
[01:21:15] The Netherlands Canada, Czech Republic, France, Hungary, Latvia, Ukraine, us UK, as well as your old pole. So there you go. You've gotta be careful don't trust VPNs, right? I've been saying that for a very long time. And then the other thing I want to. Is hopefully this summer we're going to be traveling.
[01:21:40] And when you're traveling, the temptation is to use public wifi might be at the hotel. It might be at a restaurant coffee shop, whatever. Okay. I admit to doing that myself. But here's two things you need to be careful with. One use, good DNS filtering. Now we sell and provide umbrella, which is a Cisco product, which is extremely good.
[01:22:08] DNS filtering. You can get free DNS filtering that isn't configurable, doesn't have the options, but is fantastic called open DNS. I've got, again, I did a bootcamp on that. I can send you information on it if you want. It doesn't cost you a dime for any of this stuff, but open DNS. And then the other thing I do, I have a high-end Cisco firewall and VPN.
[01:22:34] So when I'm on the road, even when I'm using data from the phone company, I have my secure VPN turned on FIPs compliant, by the way, for those who know what that means. Hey, visit me online. Craig peterson.com. Get my show notes. Get my Wednesday, wisdoms everything. Craig peterson.com. It's easy to sign up right there on any page.