Solar Cells Are Polluting Our Groundwater - Resurrection of Coal Plans By MIT - Latest Cyberattacks - Will Elon Musk Beat Twitter?
Release Date: 07/22/2022
Craig Peterson - America's Leading CyberSecurity Strategist
America Could Save $Billions$ on Prescriptions -Microsoft 365 users are under attack Business email compromises stealing billions again - Online privacy getting better thanks to - Apple Need help? Get my newest punchlists - Google's huge problem in Russia - Kill switches in cars -- again About one-third of Americans are taking a prescription, and this is kind of the scary part. The average person who is on a prescription has four prescriptions, and we're paying dearly for it. But mark Cuban has an answer. [Automated Transcript Follows] Well, you know, I do a lot of stuff in cybersecurity, and...info_outline American Invents Act Has Destroyed Innovation - Cops want to keep mass surveillance secret - Hackers Hide Malware in James Webb Space Telescope Images - TikShock: 5 TikTok scams - Ukrainian Police Bust Crypto Fraud Call Centers
Craig Peterson - America's Leading CyberSecurity Strategist
American Invents Act Has Destroyed Innovation - Cops want to keep mass surveillance app secret; privacy advocates refused - Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope - TikShock: Don’t get caught out by these 5 TikTok scams - Ukrainian Police Bust Crypto Fraud Call Centers Well, the birds are coming home to roost. Well, not the chickens in this case, but this is called the death warrant for American ingenuity. We'll start by talking through this great article from this week's newsletter. [Automated transcript follows.] Well, I hate to say this, but in...info_outline Colorado First State to Take Control of Smart Thermostats - Green Energy Initiatives About to Kill - This Winter Will Be Terrible - We Need 487 New eCar Charging Stations Per Day For Next Eight Years
Craig Peterson - America's Leading CyberSecurity Strategist
Colorado First State to Take Control of Smart Thermostats - Green Energy Initiatives About to Kill - This Winter Will Be Terrible - We Need 487 New eCar Charging Stations Per Day For Next Eight Years If you got my newsletter this week, you might have noticed that almost everything is about the power grid. Well, it, it kind of is. And we're going to be talking about some of the implications here... [Automated transcript follows] Well, I'm sure you've heard about California and the amazing power shortages that they have out there. It's terrible, right? On a hot day, they're running out of power...info_outline It's Trash Time For Your Computer - Autonomous Car Crash Kills - Which is better for your car? Buttons or a Screen? - Now we have a Chip Backlog! - Facebook tracking Your Hospital Appointments
Craig Peterson - America's Leading CyberSecurity Strategist
It's Trash Time For Your Computer - Autonomous Car Crash Kills - Which is better for your car? Buttons or a Screen? - Now we have a Chip Backlog! - Facebook tracking Your Hospital Appointments Hey, you know, it is probably time to do an upgrade on that computer of yours to Windows 11. Or maybe you're going to move over to the Linux world. That's what I did with my older computer. It's running Linux now. Much faster, but there's more to it than that. [Automated transcript follows] I send out my newsletter, my insider show notes every Monday morning. [00:00:22] Usually sometimes it's Tuesday,...info_outline Your Crypto Is Being Tracked - Your Passwordless Future - How Safe is WhatsApp? - Business Email Compromise - Facebook Lost Your Data - Ransomware Prevention Cheaper Than Cure
Craig Peterson - America's Leading CyberSecurity Strategist
Your Crypto Is Being Tracked - Your Passwordless Future - How Safe is WhatsApp? - Business Email Compromise - Facebook Lost Your Data - Ransomware Prevention Cheaper Than Cure Cryptocurrencies were thought to be like the gold standard of being secure. Having your information stay private. Maybe if you don't want to use regular currency and transactions. But it's changed. [Following is an automated transcript] We have had such volatility over the years when it comes to what are called cryptocurrencies. [00:00:23] Now I, I get a lot of questions about cryptocurrencies. First of all, let me say,...info_outline The CHIPS Act - More Billions to China? What's the Best Private Search Engine? Private Messengers
Craig Peterson - America's Leading CyberSecurity Strategist
The CHIPS Act More Billions to China? What's the Best Private Search Engine? Private Messengers Well, they did it. Yeah, it's no longer called "Build Back Better," but it's now the "Inflation Reduction Act." Imagine that. Reducing inflation by causing more inflation through massive spending. And then there's the the "CHIPS" act and, uh, yeah, government's coming for our wallets again. Oh, and this is bound to make things worse. [Following is an automated transcript.] The semiconductor industry has been hit hard by the lockdown. [00:00:21] Of course, it just totally destroyed supply...info_outline Solar Cells Are Polluting Our Groundwater - Resurrection of Coal Plans By MIT - Latest Cyberattacks - Will Elon Musk Beat Twitter?
Craig Peterson - America's Leading CyberSecurity Strategist
Solar Cells Are Polluting Our Groundwater The Resurrection of Coal Plans By MIT Latest Cyberattacks Will Elon Musk Beat Twitter? We all want a green world. I can't think of anybody that doesn't want one, but there are people with ulterior motives. That's a different thing, but California has really caused itself a whole lot of non green. Rooftop solar, right? That's gonna be the solution to all of our problems. [Automated transcript follows.] Not the fact that the electric cars, people buy use three times as much electricity as our air conditioners yet. Not the fact that we have rolling...info_outline Do You Know Anyone Who Uses TikTok? Kids Are Dying Because of It!
Craig Peterson - America's Leading CyberSecurity Strategist
Do You Know Anyone Who Uses TikTok? Kids Are Dying Because of It! TikTok has been in the news for a lot of reasons. It is now confirmed. It is used for Chinese spy operations, but the big problem right now is the kids that are dying because of TikTok. [Automatic transcript follows] You are not alone. I'm Craig Peterson TikTok has been in the crosshairs for quite a while. This is a Chinese company. Tencent is the Chinese company that started them up and they really kind of got their foundation through what you'd call challenges probably. [00:00:37] Everybody remembers the ice bucket challenge...info_outline What's With Those Strange Texts We've Been Getting?
Craig Peterson - America's Leading CyberSecurity Strategist
What's With Those Strange Texts We've Been Getting? PLUS Hackers Using Deepfakes to Get Jobs Autonomous Taxis Block Intersection This New Law May Make Your Medical Care Cheaper and Better Even the NSA is Being Spied On Do You Use the Best Search Engine? What's the deal with those weird, wrong number texts. This is kind of a really big deal, frankly, when we get right down to it, because we are getting scammed, there's even a special name for these types of scams. and I don't even know what to start with this, cuz it's absolutely crazy. [Following is an Automated Transcript] [00:00:18] This...info_outline Saving 79% on Prescriptions - Microsoft Outlook Attack in Progress! - Does Your Business Use eMail? FBI Warning
Craig Peterson - America's Leading CyberSecurity Strategist
Saving 79% on PrescriptionsMicrosoft Outlook Attack in Progress! Does Your Business Use eMail? FBI Warning About one-third of Americans are taking a prescription drug -- And this is kind of the scary part. The average person who is on a prescription has four prescriptions and we're paying dearly for it. But mark Cuban has an answer. [Following is an automated transcript] Well, you know, I do a lot of stuff in cybersecurity and I've got a few different courses coming up. [00:00:22] And of course, we do a little bit of weekly training for anybody who's on my email list, you know, on the free...info_outline
Solar Cells Are Polluting Our Groundwater
The Resurrection of Coal Plans By MIT
Will Elon Musk Beat Twitter?
We all want a green world. I can't think of anybody that doesn't want one, but there are people with ulterior motives. That's a different thing, but California has really caused itself a whole lot of non green. Rooftop solar, right? That's gonna be the solution to all of our problems.
[Automated transcript follows.]
Not the fact that the electric cars, people buy use three times as much electricity as our air conditioners yet. Not the fact that we have rolling blackouts because we don't have enough. Power cuz we've shut down plants before we were actually ready to replace that power. Not that Texas is right now having blackouts as is California having blackouts because of this stupidity.
[00:00:52] Of some of these regulators. It's absolutely crazy. You know, we are the greenest country in the world. All of our plants, our coal plants are cleaner than anybody else's anywhere in the world. And California's. Really got itself into a big problem here, because again of shortsightedness, I just don't get it.
[00:01:16] You know, maybe it is follow the money, maybe, you know, Nancy Pelosi's husband making millions of dollars and, and, uh, using inside information is, is absolutely true. And, uh, maybe it. To do with that, right? It's not really green it's to enrich the politicians. How can you go to Washington DC on the salary?
[00:01:37] Congress has as expensive as it is in Washington, DC and come out a multimillionaire. Uh, there's only one way that can happen. Right. I, I remember the, the trade that Hillary Clinton made, what was it? Beef or something. Right. And she made like $80,000. Well, you know, that sort of tip is a sort of thing.
[00:01:58] That'll put Martha Stewart in jail, but not our politicians. It's absolutely crazy. I don't get it. So California, they have been a pioneer in push. For rooftop, solar panels. Now I get it. They're cool. I get it. It's really nice to have the grid buy electricity back from you when there is plenty of sun and when the grid needs it, but the grids aren't really set up for this sort of stuff.
[00:02:31] But I, I know a few listeners that really love their solar panels. There's one guy. Who has put a whole bunch of panels up solar panels in a field, and he has some cattle and horses and stuff. And so they, they live with these solar panels in the field and he bought himself a couple of Nissan leaves.
[00:02:52] These are these electric cars from Nissan. You might remember them. They've been around for a while and he's just tickled pink that yeah. He had to buy the solar panels. Yeah. He had to install of them. Yeah. He has to keep the snow off of them. Yeah. He has to clean the dust off of them. Yeah. He has to clean, uh, all of the bird stuff off of them, but it's.
[00:03:14] Right. Yeah. Okay. So he gets to drive around and he says, you know, I don't usually go much further than the grocery store or maybe a quick under tractor supply. And it, it, it doesn't cost him anything incrementally. So California decided it was going to go green, green, green, green. Right. And what's one of the best ways to do that.
[00:03:36] Well, we need more electricity. Let's go for rooftop. Solar in. California decided it would go ahead and subsidize these wonderful solar panels on people's roofs all over the place. Not, not like one big central farm, uh, out in the Mohave desert, that's collecting all of the solar. It can possibly collect and then turn it into electricity that can feed into the grid.
[00:04:04] No, it's all decentralizes on all of these rooftops now. We're talking about 20 years later, there are 1.3 million rooftops estimated to have solar cells on them out there in California. And the real bill is coming due. It isn't cleaning the, you know, the bird increment off. Yeah. The real bill in California for the rooftop solar isn't getting the snow off of them.
[00:04:32] Keeping them clean. No, it has to. With completely non-green stuff here. 90% of all of these solar cells that were put onto roofs in California that have been taken down 90% of them have ended up in landfills. Yeah, absolutely. Now the lifetime expectant, uh, lifetime of these solar panels is, uh, 25, maybe 30.
[00:05:05] As long as they're not damaged, or if you really wanna keep up with the technology because solar panels are increasing in efficiency, as time goes on, might be a lot less, right. Might be like a 10 to 15 years cycle. If you have that much money out there. But many of these are now winding up in landfills.
[00:05:25] And the real concern is that they could contam. Groundwater. I've talked about this before. If these solar panels crack, what could happen while they have heavy toxic metals in them such as lead, we know how bad lead is, right. Can't have lead in your house anymore. A selenium cadmium. Right? All things you don't want to have mercury, mercury vapor, you don't want to go anywhere near mercury vapor.
[00:05:54] Uh, except for the fact that the federal government forced us to put them into our homes in the form of purely Q light bulbs. Remember those things? Yeah. Highly toxic breaking. One of those light bulbs, a fluorescent light makes your home a toxic waste site. According to EPA regulations. So I'm sure if you ever had a, a fluorescent light bulb break and that includes the bigger ones, right.
[00:06:21] You might have in the roof, uh, up on the, the top of your office, uh, you know, wherever it might be, you, you, you must have, um, went out and you, you bought, maybe you even had standing by for you some really wonderful. Plastic that you could put up, you know, tape up so that you can isolate the room that has the toxic waste in it, from breaking that light bulb that the federal government made you buy, because you couldn't buy regular incandescent bulbs that you wanted anymore.
[00:06:52] And, uh, they encouraged you and they gave you discounts on it and they subsidize. Yeah. Yeah. Those bulbs. And then, uh, of course you went in with a full respirator and a full suit on that, uh, you know, Tyvec and you taped it up, make sure that tape up around the gloves onto the Tyvec suit so that none of that mercury gets.
[00:07:12] Onto your skin. And, and then you obviously used a specialized vacuum cleaner for toxic hazardous waste and, and vacuumed up like the carpet or the floor, maybe it got onto your couch. Right? You, you did all of that. And then you put it all into a sealed, uh, container of some sort, typically like a glass bottle or something.
[00:07:36] So it's not gonna be able to. Out right. You, you must have done all of that because I I'm sure everyone knew what was going on with those fluorescent bulbs, those little curly Q bulbs. Right. Does that make sense to you? Yeah. Yeah, exactly. So now, California. has 1.3 million rooftops with rooftops, solar power on them.
[00:08:04] Now it isn't like it's out in, as I mentioned a great place, but it out in the Mojave desert, right. They got more sun than they need out there. And so it's all one place and they can take those panels and they can recycle them. No, no, because it's illegal to recycle them in California. Because of the heavy metals, the toxic metals.
[00:08:26] So instead of that, people are just dumping them in their trash and taking them to landfills, et cetera, et C. We're talking about truckloads of waste, some of this stuff badly contaminated, and it really shows how short sight, uh, environmental policy can create incredible problems that were easily foresee right though, the industry's supposed to be green, but in reality, According to Sam Vanderhoff, who is a solar industry expert, chief executive recycled PV solar.
[00:09:01] He says the reality about this industry. is not that it's green, but in reality, it's all about the money. Wait a minute. Isn't no, there's not what I just said earlier. Yeah, yeah. Yeah. So California came early with solar power. They granted $3.3 billion in subsidies for installing solar panels on rooftops.
[00:09:26] And yet, you know, barreling ahead with this renewable energy program, they are now at a point where they have rolling blackouts. They have problems with electricity generation. They have problems with the rooftop, solar, and as it is aged, getting rid of it. Have you seen those pictures of Hawaii with those windmill farm?
[00:09:50] that are just sitting there rusting away. Cuz the windmills aren't turning you'd think Hawaii, right? A lot of wind isn't that a great way to do it, but it takes a lot of space kills some birds and uh, it takes a lot of maintenance. They're very expensive to maintain. So they just let some of these, uh, wind farms just totally rested away.
[00:10:12] We need to elect people, send them to Washington, DC that don't touch things like this with a 5,000 foot pole. The, the reason is that you look at a great investor, a great business investor. That they make money, right? Oh, wouldn't it be great to be mark Cuban or one of the sharks, right? That are making money, investing money.
[00:10:39] Well, yeah, it, it certainly would be, uh, they at best, at best make money out of one out of 10 investments, federal government, it bats pretty close to zero. Zero, right. Oh, oh no, that's not true. Right. Uh, we talked about the millions of dollars that Congress people make. Yeah. Yeah. So they don't bat zero, the Congress and, uh, this political crack class bats, a thousand in their own pocket.
[00:11:13] Let's stop this stuff from Washington DC. It's insanity. Thank goodness California did this so we can see how insane these solar rooftop policies are. At least for the near future.
[00:11:27] Well, we've talked about solar cells. We've talked about the new nuclear, which is incredible stuff. Well, there is a new MIT spinout that's tapping into a million year energy supply right here.
[00:11:44] Government has been terrible about picking winners. It, it kind of reminds me of a quote from Henry Ford where you said, if I had asked people what they wanted, they would've said faster horses, and that's kind of the mentality of government, whatever they're investing in, or their friends, their buddies, their, their voters, their donors are investing in.
[00:12:07] That's what they'll push. So we haven't had a fair shake of some of these technologies, really, you know, the hydrogen who knows what else we could be powering our cars with that hasn't come forward because government's been putting just literally trillions of dollars of support into electric cars. Okay.
[00:12:29] And electric cars. Great. Don't get me wrong. They're the cool technology. I wouldn't mind owning one of them. The government should not be the one who decides the winners and losers. That's the communist way. That's central planning. Central planning does not work. I, I I'm really on a bit of a rampage today.
[00:12:52] It's it? This is just crazy, but this, this is a reason right now. What I'm gonna talk about, why central planning has failed us yet again. Right. Just because it's a big problem. Doesn't mean it's a federal government problem. And the big problem is okay. All of us want green stuff, right? Not this green movement.
[00:13:17] That's all about again, central planning, government control, not that stuff, but we want. Clean environment. We want good, healthy food. We want all of this stuff. That's going to make us healthy. The world healthy, the earth, healthy feed the population of the world. Everything everybody does. I don't get it. I don't know why they, well, anyways, we won't get into that.
[00:13:44] Right. Here's this here's an example. Government has been moving us directly towards solar panels, which we've talked about and, and how they really can and do hurt the environment very, very badly. We talked about the disposal of them. We've talked before about the manufacturing of solar panels and how it is horrific when it comes to the health of our.
[00:14:12] How about this one, this M I T group. These are, it's really kind of cool here. Qua energy is this company that they founded and it is a spin out from MIT. And what they're looking to do is use the power potential that's beneath our feet in order to create a literally a carbon free pollution, free energy source.
[00:14:39] Absolutely amazing. Now we've talked about this for a long time. You, you look at some of these countries in the world that have a lot of volcanic activity. I'm particularly thinking about Iceland right now and how they are taking all of this geothermal thermal potential and turning it into electric.
[00:15:02] Which is fantastic. Right? And when you look at the stability of geothermal, it is dead on it is there, it is always there. If you're looking at the stability of geothermal, for instance, doesn't think of a volcano. How often do the volcanoes move? It it's pretty solid, pretty long term. Certainly there's tectonic activity and the plates move, but it's at, at just an incredibly slow rate.
[00:15:32] You're talking about inches a year. Well, they've looked at a couple of things. One is this abandoned coal power plant in upstate new. And as overall people are looking at it saying, it's just, it's worth nothing. Right? It's a Relic from ages gone by heaven. Forbid we burn coal and I, I would rather not burn coal personally, but get down and think about this.
[00:15:57] Now you've got a cold power plant. What is planned? What does that have in it? That might be useful. It still has transmission lines that run to the grid, the power grid, it's a central producer of electricity, which is exactly how our power grid is set up. We're not set up for having every home or, you know, half of them or whatever it is, generating electricity with solar power or having windmills here and there we're set up for having centralized.
[00:16:32] Power generation Nicola, Tesla aside, right? That's how we're set up. So this old cow coal power plant has transmission lines. It still has a power turbine. How does a coal plant work? How does a nuclear plant work? It generates heat and that heat creates steam. And that steam is used to drive a tur. Much like what happens at a hydroelectric dam, the water drives a turbine, and then that turbine, ultimately of course drives a massive alternator of some sort, some sort of a, a generator, if you will.
[00:17:10] And that's hooked up to our power lines. Now, what's really interesting here. Is their technology. You might have heard about this place. I remember reading about this and all kinds of interesting stories, a about this hole that was drilled in, in Russia. I think it was, and they went down. What was it like 5,000 feet or something?
[00:17:37] Um, Uh, and they abandoned it. Right? Cause they were trying to do the whole thing, but here's the interesting part of what the MIT guys are saying that the crust anywhere in the world about it kind of varies a little bit, but basically about, uh, 10 to 20 kilometers deep has the enough geothermal energy.
[00:18:09] to drive something like this power plant, this old coal power plant in upstate New York. But the problem is how do you drill that deep? The Russians, a Soviet union had a hard time doing it and they didn't, they didn't reach their ultimate goal, uh, and interesting backs stories on all of that, that we don't have time for today.
[00:18:30] what these guys are doing is they have created an approach that vaporizes the rock. So they're not drilling. And if you've ever seen drilling operations, watched it on the discovery channel or something, which I have, it's really cool. You, you realize that when they start hitting hard rock granite bedrock, they stop.
[00:18:55] Cuz it becomes so slow. So they use the diamond. Tip drill heads and, and they drill and it's slow, but what's happening right now is they're using gyro trons to heat the material it's been done for years in nuclear fusion experiments, but they're taking that basic technology and using it for new geothermal drilling technique.
[00:19:23] That is cool. So these gyal trons, haven't been well known in the general science community fusion researchers know about it, but what they're saying is this is going to give them the ability to drill. These massive holes, you know, depth wise. And right now 400 feet is kind of as far as we can usually drill, but this is gonna let them go kilometers into the earth.
[00:19:52] They're gonna be able to tap into that, the energy here, basically, you're talking about what you get out of a volcano, right? That sort of energy, that heat bring it up and then boil the water and run it through that coal power. At least the infrastructure that's in there, the generators and everything else.
[00:20:13] So very, very cool. And this is something that's being done right now. They expect within a few years to have an actual functional demonstration of this blasting its way through melt. Rock and some of the hardest rock on the surface of the earth. Hey, you should have received my insider show notes Tuesday morning.
[00:20:38] If you didn't, you can get 'em for free. Just go to Craig peterson.com. And if you have any questions, just email me, me, Craig peterson.com.
[00:20:53] Do you remember this moment from the fifth element? Old tricks are the best tricks? Eh, yeah. Well, we're talking about attackers right now, cybersecurity and the old tricks are the best tricks. No doubt about that. They're back to the old ways. Yep. Oh, well,
[00:21:10] There are a lot of security firms out there. It's just absolutely amazing to me.
[00:21:16] I get ads all of the time, as you can imagine, from dozens and dozens of startups and big guys, and I'm looking at a page right now and there was what, six different ads on here for cybersecurity stuff. This is a site called dark reading. It's one. Pay some fairly close attention to, because they are talking about cybersecurity stuff.
[00:21:40] So I guess that makes sense. But attackers are doing things every day right now. What are they doing? That's what Robert Lamos is talking about. And he's looking at a report that was produced by yet another security firm called Tetra defense and they analyzed data from the first quarter 2020. Now, when you think about cybersecurity and the problems we have, what do you think about, what do you think of?
[00:22:12] Is it ransomware, fishing, maybe? What, what do you think it is? Well, what this Tetra defense found is that 54% more costs. From compromises caused by user actions comes from drum roll. Pete, please. I, I don't know if I said that very, very well. Let me just do that one more time. Okay. Take two. uh, compromises cost victims 54% more.
[00:22:47] When we're talking about unpatched servers. And vulnerable remote access systems like Microsoft RDP, remote desktop, 54% more. That is huge, absolutely huge. Who would've thought of that by the way, these unpatched vulnerabilities from the first quarter and exposing risky services, such as remote desktop protocol account for 82%.
[00:23:17] Of successful attacks while social engineering employees. And that includes things like fishing accounted for just 18%. Of successful compromises that my friends is a very, very big deal. And as I said, at the very beginning, it is, uh, no trick that they've been up to for a long time. So what I'm trying to get at here, I know I'm kinda wandering a little about a little here mentally, but I'm trying to get at the point that we.
[00:23:50] To patch our systems and we have to apply patches ASAP. We have to make sure those patches are in place because it's, it's an absolutely horrible situation out there. I know a lot of companies that use Microsoft's remote desk. Top. And it has been just a horrific battleground when it comes to hackers because of all of the bugs that have been found in there and major vulnerabilities, uh, the log four shell bug.
[00:24:21] This is the one that's tying into Java has been reported on a whole lot, but it is used in about 22% of breaches. So that's not bad for one vulnerability. And it's a crazy vulnerability. This is a problem with languages like Java, where you have people writing code that don't realize what's happening in all of these libraries are pulling in, you know, in Java you just say, okay, uh, write this out to a file for me.
[00:24:52] And don't realize that the code that's actually doing that is parsing what you send it, and it might have a command in it that you. To it and it'll execute the command and that's the basics of that particular problem. Okay. So we're expecting all of these tactics to continue. There are a finite amount today of vulnerable exchange servers, which is another problem that the attackers have been using to really cause a whole lot of problems for us.
[00:25:24] There will be new problems in the future. There's always new software introduced and the new software always has more problems. And there are a lot of people in the cybersecurity business that say, we should just assume that systems are compromised. So instead of trying to protect them as much, let's look for the compromises, which is an interesting way of doing things.
[00:25:46] Frankly. So cloud misconfiguration, that's another big one that's out there. And I'm seeing that all of the time right now, we're working with a client. That's using a lot of Microsoft Azure stuff and Microsoft Azure, Amazon. But in fact, Amazon S three buckets, which are a way to store files up in the cloud inside.
[00:26:10] Have really been hit hard because of misconfiguration. You see, when it gets very difficult to configure something, people tend to take shortcuts, don't think it through. And in this case they have lost a whole lot, but. It's hard to estimate the damages, but looking at it, we're talking about major cybersecurity in incidents, accounting for about two to 10% of annual revenue cost wise.
[00:26:40] So a company that has maybe a hundred million in annual revenue could be looking at as much as 10% of that. In other words, 10 million as a financial impact of a cybersecurity incident. Now it's probably not gonna cost them 10 million to secure everything, but it might cost them a million a year and they just don't do it.
[00:27:06] It's just, they don't bother doing it. Look at the huge breaches that we've had from some of these, uh, credit reporting agencies. If you will, that keep all this personal information and data on. that have lost data for 200 million Americans. Right. Really? They cared and yet they, they just rake in money.
[00:27:28] They just print money. It's it's absolutely crazy. By the way, there was another report that was released a little earlier this year from crowd strike and it has a report that's based on incident data. And the one they released earlier this year was from 2021. And it's showing the breaches related to ransomware attacks had grown by 82% and the data showed that mal.
[00:27:58] Had only been used in 38% of successful intrusions and 45% of attackers were manually conducting the attacks. So if you thought early on, when we started talking here that ransomware was maybe the biggest problem, you're not entirely wrong because ransomware is the biggest growing problem that we're seeing out there right now.
[00:28:22] So it's absolutely crazy. The average time to move from an initial compromise. Remember, they're doing these things automated up front to try and find vulnerable systems or to try and get the ransomware out into your hands. That might be through a fishing attack, which by the way, fishing attacks increased 29%, that cent, that, that, um, so from the time they get that initial compromise to the time they're attacking other systems on the network.
[00:28:55] It's still about one and a half hours, according to the data that came outta CrowdStrike. Now that is concerning too, because that means you basically have an hour and a half after you've been compromised to detect it and do something about it. And that's why we use automated systems with our clients that really keep a close tab on everything.
[00:29:18] Look for various types of compromises, et cetera, et cetera. And I think it's, uh, an important thing to do because if you can't tell if you've been compromised, you just can't defend yourself. Hey, if you sign up for my newsletter, I will send you my most popular. Special reports that includes password special reports, how to use password managers, what the best ones are absolutely free.
[00:29:44] Right. I got a couple of others that I'll send you and you will get my weekly show notes that come out Tuesday mornings most weeks. And that will allow you to keep up to date on all of this. Be a little bit ahead, in fact of the radio show, because I'm talking about stuff that was in my insider show notes on Tuesday.
[00:30:03] So you get it in. Of everybody else. Just go to Craig peterson.com, sign up right there and you will be well on your way. Hey, stick around, cuz we'll be right back. Any questions [email protected]
[00:30:21] We've got a couple of things to talk about right now. We've got Elon. Mokis gotta be worried about this lawsuit. That's coming up and we'll tell you about that. And then also TikTok is in the news here. We've got two different problems with TikTok that talk about today.
[00:30:42] Hi, you are not alone. At least when it comes to your security and privacy. Hi, I'm Craig Peter son, and you are listening to news radio, w G a N a M five 60 and FM 98.5. I'd like to invite you to join me Wednesday mornings at 7 34 with Mr. Matt, we'll keep you out to. You know, of course about this whole thing.
[00:31:11] Elon Musk said he wanted to buy Twitter for a measly. What was it? 44. Billion dollars, right. Real money. And that's a, you know, a problem, especially when Twitter is alleged to be not worth as much as Twitter appears to be. You see, Twitter has had to file with the securities and exchange commission reports about.
[00:31:39] Their income, obviously writing expenses and management, and they have forward looking statements about what they're gonna be doing in the future. And all of that goes into a pot and kind of gets stirred up. And once it's all stirred up the investors, look at it and say, yeah, okay. I, I wanna invest in Twitter.
[00:31:59] One of the big variables that goes into the pot has to do with advertising revenue, which is based on eyeballs, how many eyeballs can Twitter attract? And of course that means Twitter wants to keep as many eyeballs as possible on this site at once. Right. And for the longest time possible. So that all makes some sense, but Twitter's been reporting in its public reports that less than 5% of the users slash postings there on Twitter, but less than 5% of the users are actually bots.
[00:32:39] These bots are used by. Bad guys, evil companies. And, uh, there are a lot of those out there that are trying to promote themselves. Look at how great we are. Yes. Yes. Look at wow. We're trending on Twitter. You should buy our stuff. And in reality, what they're doing is they are paying people who have bought to post thousands of tweets from different accounts using the company's hashtag it, it makes me ill, frankly, to think about this stuff, but that's what they do.
[00:33:17] So. If Twitter has a lot of these bots that are fake and are just trying to drive up the investors' price for some random product, or maybe it's what happened during the last few election cycles where Russia, China were Medling and getting people to vote for Trump against Trump, for Hillary against Hillary Biden, etcetera.
[00:33:46] Is it worth as much as investors thought. So I've been worried about what's gonna happen here. Elon Musk. He he's got to be worried if he actually ends up buying it, what's gonna happen. Is the securities and exchange commission going to do an investigation? Are they already doing one? Frankly? Probably are.
[00:34:08] And is he going to be liable for it? So Twitter's value has dropped. Now, it, it obviously went up when Musk made that, uh, that generous $44 billion purchase offer, but it has gone down since then. And since there are so many analysts saying, well, there's at least 10% bots, others saying it's 40%, it's 60%.
[00:34:34] And, and that kind of is based on the traffic, right? The amount of traffic, the bots are generating versus the number of accounts that are bought accounts. What, what happens? What should they do? How should they do it? What, how should they account for it? And if, if it's that high and there's questions about how high it is, then Twitter stock value is going to go down.
[00:34:55] So Musk pulled out of this whole thing and yeah, I can see why he did. However Delaware is where a lot of these public companies ha are incorporated. That's where their, you know, corporate headquarters are, if you will. That's where they get their authority to operate as a company. And the reason a lot of them do that in Delaware is Delaware has laws and taxes that are very favorable to publicly traded companies.
[00:35:29] And that says something right there too. Doesn't it? Well, Delaware has this thing called the court of Chancery and the judge that's handling Twitter's lawsuit against Musk. Her name is Kathleen McCormick. She is the chief judge in this case is called the court's chance. Has what Reuters called a no nonsense reputation, as well as the distinction of being one of the few jus who has ever ordered a reluctant buyer to close a us corporate.
[00:36:06] Merger. And specifically she ordered last year, an affiliate of a private equity firm to close its $550 million purchase of a holding company that makes cake decorating products. But because of the lockdown, the value of that cake decorating company drop. Pretty dramatically cuz people just weren't going out and buying this stuff to make cakes.
[00:36:31] They weren't celebrating, they weren't having parties. They didn't have cake cakes. Right. So she forced them to buy. This other company at the original price, even though the value of the company that holding company had dropped. So this is going to be really rather interesting. If you look at her ruling.
[00:36:55] She said the buyers lost their appetite for the deal shortly after signing it as government entities issued, stay at home orders around the country and the weekly sales declined dramatically rather than use reasonable efforts to work around a definitive credit agreement. The buyers called their litigation council and began evaluating ways to get out of the.
[00:37:20] Without input from the management, they prepared a draconian reforecast of the projected sales based on uninformed and largely unexplained assumptions that were inconsistent with real time sales data. That's where Elon Musk may have an out. if he's played his card right now, what really kind of confused me about all of this is that they, the guys at Twitter have a pretty solid case because they were able to negotiate as part of this potential purchase or merger, whatever you might wanna call it really it's a purchase.
[00:38:01] They have a pretty solid case cuz they got some amazing language into this agreement. I, I just can't believe that Elon Musk and his attorneys allowed it to go in there. Now these cases here in the Delaware court of Chancery are decided by the presiding judge and not a jury. Although a judge can get an advers, uh, advisory, excuse me, jury, to help consult, but the judge's decision can be appealed to the state Supreme court.
[00:38:33] And then the decision is final and Twitter proposed a four day trial with a September 19th start. Date and the court, I believe said, we're gonna push it off to October. I'll try and keep an eye on this case, cuz I think it's fascinating to see what happens here as we go forward to our friend, Elon Musk now.
[00:38:57] TikTok, Ugh, man, if you didn't get my newsletter this week, which you should have had my insider show notes on Tuesday morning and follow through and read these two articles on TikTok, you really missed something, but I'll, I'll give you a quick summary here. Right now. We spoke. About TikTok and what they have done here with this blackout challenge.
[00:39:21] Now it's not TikTok. They, they're not the ones promoting the challenge, but they are making money off of it and they're promoting their site. It's just yet another challenge that to has. well, one of the things that's been happening in Ukraine with this Russian invasion is people have been making TikTok videos and they have been posting them and they include all kinds of stuff.
[00:39:47] Uh, I'm sure there's dead soldiers in there. Russian tanks that have been completely blown apart. What a bad design, by the way, and many other things, and TikTok says, Hey, wait, wait a minute. We, we, we, okay. Well, we, we can't keep these, even though they have been asked to preserve the Ukraine content for warm war crime investigations.
[00:40:13] What has come out recently, you remember orange man, bad said that, uh, TikTok needed to be shut down. They, they wanted it out. He wanted it out of the, and not just him, but other people, uh, out of the app stores, because it's being used by Chinese intelligence and they're doing all kinds of stuff. Yeah. Yeah.
[00:40:34] Well, it turns out that our friends at TikTok have been in fact sending. All of the stuff that you are filming to China now, TikTok is illegal to use in China. So they're not sending it to China to show the Chinese because China is smart enough to not allow people to use TikTok. They're using it for ESP espionage TikTok, even just a few weeks ago, changed its usage.
[00:41:29] So they know who your friends are or what you're doing. They know about you. They're doing facial recognition of you. It goes on and on and on very, very bad, but because it's so popular with these young Ukrainians and even Russian troops who are posting footage of the war, they've got some stuff that would be great for the war crime investigators.
[00:41:54] And re remember when president Trump said, oh no, we gotta cut out TikTok. And, and the left, his opposition was saying, no, no, you know, TikTok is great. It's wonderful. Oh. And TikTok said, yeah, we have, uh, us based servers, nothing to worry about here. I don't know what Trump is talking about. The guy an idiot.
[00:42:13] Uh, well, as I just mentioned, we found out absolutely that yeah, they're saving it. They're sending it to China. And remember now, The Chinese communist party is a friend of Russia's. They're buying oil for very cheap prices. They're providing Russia with a number of different things. They're being a little cautious about it, but they will not allow war crime investigators to look at TikTok videos that have to do with the war in Ukraine.
[00:42:48] Absolutely amazing. Absolutely amazing. Lot of data pulled from your device sent back to China biometrics, face prints, voice prints, keys, stroke patterns, rhythms, search, and browsing history, location information. Do not let your kids go to TikTok. And this week I got an email from a listener saying that one of her close friends.
[00:43:14] Child died because of the blackout challenge. If that's not enough.
[00:43:20] Facebook's about 18 years old coming on 20 Facebook has a lot of data. How much stuff have you given Facebook? You know, did you fall victim for that? Hey, upload your contacts. We'll find your friends. Well, they don't know where your data is.
[00:43:36] This whole thing with Facebook has kind of exploded here lately.
[00:43:42] There is an article that had appeared on a line from our friends over at, I think it was, yeah. Let me see here. Yeah. Yeah. Motherboard. I was right. And motherboards reporting that Facebook doesn't know what it does with your data or. It goes now, you know, there's always a lot of rumors about different companies and particularly when they're big company and the, the news headlines are kind of grabbing your attention.
[00:44:16] And certainly Facebook can be one of those companies. So where did motherboard get this opinion about Facebook? Just being completely clueless about your personal data? well, it came from a leaked document. Yeah, exactly. So I, we find out a lot of stuff like that. Right. I used to follow a, a website about companies that were going to go under and they posted internal memos.
[00:44:49] It basically got sued out of existence, but there's no way that Facebook is gonna be able to Sue this one out of existence because they are describing this as. Internally as a tsunami of privacy regulations all over the world. So of course, if you're older, we used to call those TIAL waves, but think of what the implication there is of a tsunami coming in and just overwhelming everything.
[00:45:19] So Facebook internally, they, their engineers are trying to figure out, okay, so how do we deal? People's personal data. It's not categorized in ways that regulators want to control it. Now there's a huge problem right there. You've got third party data. You've got first party data. You've got sensitive categories, data.
[00:45:42] They might know what religion you are, what your persuasions are in various different ways. There's a lot of things they might know about you. How are they all CATA categorized? Now we've got the European union. With their gen general data protection regulation. The GDPR we talked about when it came into effect back in 2018, and I've helped a few companies to comply with that.
[00:46:07] That's not my specialty. My specialty is the cybersecurity side. But in article five, this European law mandates that personal data must be collected for specified explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. So what that means is that every piece of data, like where you are using Facebook or your religious orientation, Can only be collected and used for a specific purpose and not reused for another purpose.
[00:46:45] So there's an example here that vice is giving in past Facebook, took the phone number that users provided to protect their accounts with two factor authentication and fed it to its people, you know, feature as well as. Advertisers. Yeah. Interesting. Eh, so Gizmoto with the help of academic researchers caught Facebook doing this, and eventually the company had to stop the practice.
[00:47:13] Cuz this goes back to the earlier days where Facebook would say, Hey, find out if your friends are on Facebook, upload your contacts right now. And most people. Right. What did you know back then about trying to keep your data private, to try and stop the proliferation of information about you online and nothing.
[00:47:34] Right? I think I probably even uploaded it back then thinking, well, that'd be nice to see if I got friends here. We can start chatting, et cetera. Well, according to legal experts that were interviewed by motherboard who wrote this article and has a copy of the internal me, uh, memo, this European regulation specifically prohibits that kind of repurposing of your phone number of trying to put together the social graph and the leak document shows that Facebook may not even have the ability to limit.
[00:48:09] how it handles users data. Now I was on a number of radio stations this week, talking about this and the example I gave, I is just look at an average business from the time it start, you know, Facebook started how right. Well, you scrape in pictures of young women off of Harvard universities. Main catalog, right.
[00:48:34] Contact page, and then asking people, well, what do you think of this rate? This person rate that person and off they go, right. Trying to rate them. Yeah, yeah, yeah. All that matters to a woman, at least according to mark Zuckerberg or all that matters about a woman is how she looks. Right. Do I think she's pretty or not ridiculous what he was doing?
[00:48:54] I, it just, oh, that's Zuckerberg, right? That's. Who he is not a great guy anyways. So you go from stealing pictures of young ladies asking people to rate them, putting together some class information and stuff there at Harvard, and then moving on to other universities and then opening up even wider and wider.
[00:49:19] And of course, that also created demand cuz you can't get on. If you're not at one of the universities that we have set it up for. And then you continue to grow. You're adding these universities, certain you're starting to collect data and you're making more money than God. So what do you do? Well, you don't have to worry about inefficiencies.
[00:49:40] I'll tell you that. Right. One thing you don't have to do is worry about, oh, GE we've got a lot of redundant work going on here. We've got a lot of teams working on basically the same thing. No, you've got more money than you can possibly shake a stick at. So now you go ahead and send that, uh, money to this group or that group.
[00:50:02] And they put together all of the basic information, right. That, that they want. They are. Pulling it out of this database and that database, and they're doing some correlation writing some really cool sequel queries with some incredible joins and everything else. Right. And now that becomes part of the main code for Facebook.
[00:50:24] And then Facebook goes on to the next little project and they do the same thing. Then the next project, then the next project. And then someone comes along and says, uh, Hey, we. This feature, that feature for advertisers and then in that goes, and then along comes candidate Obama. And, uh, they, one of the groups inside Facebook says, yeah, yeah, yeah, here, here we go.
[00:50:49] Here's all of the information we have about everybody and it's free. Don't worry about it. Right. And then when Trump actually bought it and hired a company to try and process some of that information he got in trouble. No, no, no, but, but the Obama. The whole campaign could get access to anything they wanted to, again, because the data wasn't controlled, they had no idea who was doing what with the data.
[00:51:15] And according to this internal memo, they still don't know. They don't even know if they can possibly, uh, comply with these regulations, not just in Europe, but we have regulations in pretty much all of the 50 states in the us Canada of course, has their own Australia, New Zealand think about all the places.
[00:51:38] Facebook makes a lot of money. So here's a quote from that we build systems with open borders. The result of these open systems and open culture is well described with an analogy. Imagine you hold a bottle of ink in your hand, the bottle of ink is a mixture of all kinds of user data. You pour that ink into a lake of water.
[00:52:00] Okay. And it flows every. The document red. Right. So how do you put that ink back in the bottle, in the right bottle? How do you organize it again? So that it only flows to the allowed places in the lake? They're totally right about that. Where did they collect it from it? Apparently they don't even know where they got some of this information.
[00:52:24] This data from kind of reminds me of the no fly list. Right. You don't know you're on it and you can't get yourself off of it. Right. It is kind of crazy. So this document that we're talking about was written last year by. Privacy engineers on the ad and business product team, whose mission is to make meaningful connections between people and businesses and which quote sits at the center of a monetization strategy monetization strategy.
[00:52:51] And is the engine that powers Facebook's growth. interesting, interesting problems. And, and I see this being a problem well into the future for more and more of these companies, look at Twitter as an example that we've all heard about a lot lately. And I've talked about as well along comes Elon Musk and he says, well, wait a minute now.
[00:53:13] Now I can make Twitter way more profitable. We're gonna get rid of however many people it's well over a thousand, and then we are going to hire more people. We're gonna start charging. We're gonna be more efficient. You can bet all of these redundancies that are in Facebook are also there on Twitter. and Twitter also has to comply with all of these regulations that Facebook is kind of freaking out about.
[00:53:42] Well, it, for really a very good reason. So this document is available to anybody who wants to look at it. I'm looking at it right now, talking about regulatory landscape and the fundamental problems Facebook's data lake. And this is a problem that most companies have not. As bad as Facebook does, but most companies, right.
[00:54:06] You grow. I, I have yet to walk into a business that needs help with cybersecurity and find everything in place as it should be, because it grew organically. Right. You, you started out with a little consumer firewall, router and wifi, and then you added to it and you put a switch here and you added another switch behind that and move things around.
[00:54:29] This is normal. This is not total incompetence on the part of the management, but my gosh, I don't know. Maybe they need an Elon Musk. Just straighten them out as well. Hey, stick around. I'll be right back and sign up [email protected]
[00:54:49] Apparently looting is one of the benefits of being a Russian soldier. And according to the reports coming out of Ukraine, they've been doing it a lot, but there's a tech angle on here that is really turning the tables on these Russian looters.
[00:55:06] Thanks for being with me today. I really appreciate it. And I'm honored, frankly, to be in front of this microphone. , this is really something, you know, we, we know in wars, there are people that loot and typically the various militaries try and make sure, at least recently that that looting is kept to an absolute minimum.
[00:55:29] Certainly the Americans, the British, even the Nazis during world war II, the, the, uh, the socialists they're in. Germany, uh, they, they tried to stop some of the looting that was going on. I, I think that's probably a very good thing, right. Because what you end up with is just all of these locals that are just totally upset with you.
[00:55:57] I found a great article on the guardian and there's a village. Had been occupied for about a month by Russian troops and the people came back, they are just shocked to see what happened. They're giving a few examples of different towns. They found that alcohol was stolen and they left empty bottles behind food rappers, cigarette butts, thrown all over the place in apartments and homes.
[00:56:26] Piles of feces blocking the toilets, family photographs torn, thrown around the house. They took away all of the clothes. This is a code from one of the people, literally everything, male and female coats, boots, shirts, jackets, even my dresses and lingerie. This is really, really something. Uh, it, the Soviets didn't do this, but now Russian.
[00:56:50] Military apparently does. So over the past couple of weeks, there've been reporting from numerous places where Russian troops had occupied Ukrainian territory and the guardian, which is this UK newspaper collected evidences suggests looting by Russian forces was not merely a case of a few way, word soldiers, but a systematic part of Russian military behavior across multiple towns.
[00:57:18] And villages. That's absolutely amazing. Another quote here, people saw the Russian soldiers loading everything onto Euro trucks, everything they could get their hands on a dozen houses on the villages. Main street had been looted as well as the shops. Other villagers reported losing washing machines, food laptops, even as sofa, air conditioners.
[00:57:42] Being shipped back, just like, you know, you might use ups here, they have their equivalent over there. A lady here who was the head teacher in the school. She came back in, of course, found her home Lood and in the head teacher's office. she found an open pair of scissors that had been jammed into a plasma screen that was left behind because if they can't steal it, they're gonna destroy it.
[00:58:08] They don't only leave anything behind. They found the Russians had taken most of the computers, the projectors and other electronic equipment. It, it, it's incredible. So let's talk about the turnaround here. A little. You might have heard stories about some of these bad guys that have smashed and grabbed their way into apple stores.
[00:58:28] So they get into the apple store. They grab laptops on iPads, no longer iPods, cuz they don't make those anymore. And I phones. And they take them and they run with them. Well, nowadays there's not a whole lot of use for those. Now what they have been doing, some of these bad guys is, is they take some parts and use them in stolen equipment.
[00:58:55] They sell them on the used market, et cetera. But when you're talking about something specific, like an iPhone that needs specific activation. Completely different problem arises for these guys because that iPhone needs to have a SIM card in order to get onto the cell network. And it also has built in serial numbers.
[00:59:17] So what happens in those cases while apple goes ahead and disables them. So as soon as they connect to the internet, let's say they put 'em on wifi. They don't get a SIM card. They don't. service from T-Mobile or Verizon or whoever it might be. So now they disconnect to the wifi and it calls home, cuz it's gonna get updates.
[00:59:37] So on download stuff from the app store and they find that it's been bricked. Now you can do that with a lot of mobile device managers that are available for. All kinds of equipment nowadays, but certainly apple equipment where if a phone is lost or stolen or a laptop or other pieces of equipment, you can get on the MDM and disable it, have it remotely erased, et cetera.
[01:00:03] Now, police have had some interesting problems with that. Because a bad guy might go ahead and erase a smartphone. That's in the evidence locker at the police station. So they're, they're doing things like putting them into Fairday cages or static bags or other things to try and stop that. So I think we've established here that the higher tech equipment is pretty well protected.
[01:00:28] You steal it. It's not gonna do you much. Good. So one of the things the Russian stole when they were in, uh, it's called, uh, I think you pronounce it. Uh, Mela me pole, uh, which is again, a Erian city is they stole all of the equipment from a farm equipment dealership and shipped it to Chenia. Now that's according to a source in, uh, a businessman in the area that CNN is reporting on.
[01:01:01] So they shipped this equipment. We're talking about combines harvesters worth 300 grand a piece. They shipped it 700 miles. and the thieves were ultimately unable to use the equipment, cuz it had been locked remotely. So think about agriculture equipment that John Deere, in this case, these pieces of equipment, they, they drive themselves.
[01:01:27] It's autonomous. It goes up and down the fields. Goes any pattern that you want to it'll bring itself within a foot or an inch of your boundaries, right. Of your property being very, very efficient the whole time, whether it's planting or harvesting, et cetera. And that's just a phenomenal thing because it saves so much time for the farmer makes it easier to do the companies like John Deere.
[01:01:54] Want to sell as many pieces of this equipment as they possibly can. And farming is known to be a, what not terribly profitable business. It certainly isn't like Facebook. So how can they get this expensive equipment into the hands of a lot of farmers? Well, what they do is they lease it. So you can lease the equipment through leasing company or maybe directly from the manufacturer and now you're off and running.
[01:02:22] But what happens if the lease isn't paid now? It's one thing. If you don't pay your lease on a $2,000 laptop, right? They're probably not gonna come hunting for you, but when you're talking about a $300,000 harvester, they're more interested. So the leasing company. Has titled to the equipment and the leasing company can shut it off remotely.
[01:02:47] Right? You see where I'm going with this so that they can get their equipment in the hands of more farmers cuz the farmers can lease it. It costs them less. They don't have to have a big cash payment. Right? You see how this all works. So when the Russian forces stole this equipment, that's valued. Total value here is about $5 million.
[01:03:08] They were able to shut it all. And obviously, if you can't start the engine, because it's all shut off and it's all run by computers nowadays, and you know, there's pros and cons to that. I think there's a lot of cons, but, uh, what are you gonna do? How's that gonna work for you? Well, it. Isn't going to work for you.
[01:03:29] And they were able to track it. It had GPS trackers find out exactly where it was. That's how they know it was taken to Chenia and could be controlled remotely. And in this case, how'd they control it. Well, they completely. Shut it off. Even if they sell the harvesters for spare parts, they'll learn some money, but they sure can be able to sell 'em for the 300 grand that they were actually worth.
[01:03:56] Hey, stick around. We'll be right back and visit me [email protected] If you sign up there, you'll be able to get my insider show note. And every week I have a quick five. Training right there in your emails, Craig Peter san.com. That's S O N in case you're wondering.
[01:04:21] If you've been worried about ransomware, you are right to worry. It's up. It's costly. And we're gonna talk about that right now. What are the stats? What can you do? What happens if you do get hacked? Interesting world.
[01:04:37] Ransomware has been a very long running problem. I remember a client of ours, a car dealership who we had gone in.
[01:04:48] We had improved all of their systems and their security and one of their. People who was actually a senior manager, ended up downloading a piece of ransomware, one of these encrypted ones and opened it up and his machine, all of a sudden TA, guess what it had ransomware on it. One of those big reds.
[01:05:10] Greens that say pay up is send us this much Bitcoin. And here's our address. Right. All of that sort of stuff. And he called us up and said, what what's going on here? What happened? Well, first of all, don't bring your own machine into the office. Secondly, don't open up particularly encrypted files using the password that they gave.
[01:05:33] and thirdly, we stopped it automatically. It did not spread. We were able to completely restore his computer. Now let's consider here at the consequences of what happened. So he obviously was scared. Uh, and within a matter of a couple of hours, we actually had him back to where he was and it didn't spread.
[01:06:01] So the consequences there, they, they weren't that bad. But how about if it had gotten worse? How about if they ransomware. Also before it started holding his computer ransom, went out and found all of the data about their customers. Right. Would, do you think an auto dealership would love to hear that all of their customer data was stolen and released all of the personal data of all of their customers?
[01:06:28] Right? Obviously not. So there's a potential cost there. And then how long do you think it would take a normal company? That thinks they have backups to get back online. Well, I can tell you it'll take quite a while because the biggest problem is most backups don't work. We have yet to go into a business that was actually doing backups that would work to help restore them.
[01:06:55] And if you're interested, I can send you, I I've got something. I wrote up. Be glad to email it back to you. Uh, obviously as usual, no charge. and you'll be able to go into that and figure out what you should do. Cause I, I break it down into the different types of backups and why you might want to use them or why you might not want to use them, but ransomware.
[01:07:19] Is a kind of a pernicious nasty little thing, particularly nowadays, because it's two, two factor, right. First is they've encrypted your data. You can't get to it. And then the second side of that is okay, well, I can't get to my data and now they're threatening to hold my data ransom or they'll release. So they they'll put it out there.
[01:07:43] And of course, if you're in a regulated industry, which actually car dealers are because they deal with financial transactions, leases, loans, that sort of thing, uh, you can lose your license for your business. You can U lose your ability to go ahead and frankly, uh, make loans and work with financial companies and financial instruments.
[01:08:08] It could be a very, very big deal. so there are a lot of potential things that can happen all the way from losing your reputation as a business or an individual losing all of the money in your operating account. And we, again, we've got a client that, uh, we picked up afterwards. That, uh, yes, indeed. They lost all of the money in their operating account.
[01:08:32] And, uh, then how do you make payroll? How do you do things? Well, there's a new study that came out from checkpoint. Checkpoint is one of the original firewall companies and they had a look at ransomware. What are the costs of ransomware? Now bottom line, I'm looking at some stats here on a couple of different sites.
[01:08:53] Uh, one is by the way, KTI, which is a big ransomware gang that also got hacked after they said we are going to attack anyone that. Uh, that doesn't defend Vlad's invasion of Ukraine, and then they got hacked and their information was released, but here's ransomware statistics. This is from cloud words. Uh, first of all, the largest ransom demand is $50 million.
[01:09:21] And that was in 2021 to Acer big computer company. Now 37% of businesses were hit by ransomware. In 2021. This is amazing. They're they're expecting by 2031. So in about a decade, ransomware is gonna be costing about $265 billion a year. Now on average, uh, Ransomware costs businesses. 1.8, 5 million to recover from an attack.
[01:09:53] Now that's obviously not a one or two person place, but think of the car dealer again, how much money are they going to make over the year or over the life of the business? Right? If you're a car dealer, you have a to print money, right? You you're selling car model or cars from manufacturer X. And now you have the right to do that and they can remove that.
[01:10:16] Right? How many tens, hundreds of millions of dollars might that end up costing you? Yeah. Big deal. Total cost of ransomware last year, 20 billion. Now these are the interesting statistics here right now. So pay closer attention to this 32% of ransomware victims paid a ransom demand. So about her third paid ransom demand.
[01:10:41] Last. it's it's actually down. Cuz my recollection is it used to be about 50% would pay a ransom. Now on average that one third of victims that paid a ransom only recovered 65% of their data. Now that differs from a number I've been using from the FBI. That's a little bit older that was saying it's it's a little, little better than 50%, but 65% of pain victims recovered their data.
[01:11:12] Now isn't that absolutely amazing. Now 57% of companies are able to recover the data using a cloud backup. Now think about the different types of backup cloud backup is something that can work pretty well if you're a home user, but how long did it take for your system to get backed? Probably took weeks, right?
[01:11:35] For a, a regular computer over a regular internet line. Now restoring from backup's gonna be faster because your down link is usually faster than your uplink. That's not true for businesses that have real internet service, like, uh, ours. It it's the same bandwidth up as it is down. But it can take again, days or weeks to try and recover your machine.
[01:11:58] So it's very, very expensive. And I wish I had more time to go into this, but looking at the costs here and the fact that insurance companies are no longer paying out for a lot of these ransomware attacks, it could be incredibly expensive for you incredibly. So here you. The number one business types by industry for ransomware tax retail.
[01:12:32] That makes sense. Doesn't it. Real estate. Electrical contractors, law firms and wholesale building materials. Isn't that interesting? And that's probably because none of these people are really aware, conscious of doing what, of keeping their data secure of having a good it team, a good it department. So there's your bottom line.
[01:12:59] Uh, those are the guys that are getting hit. The most, the numbers are increasing dramatically and your costs are not just in the money. You might pay as a ransom. And so, as it turns out in pretty much every case prevention. Is less expensive and much better than the cure of trying to pay ransom or trying to restore from backups.
[01:13:26] Hey, you're listening to Craig Peterson. You can get my weekly show notes by just going to Craig peterson.com. And I'll also send you my special report on how to do passwords stick around will be right back.
[01:13:44] You know, you and I have talked about passwords before the way to generate them and how important they are. And we we'll go over that again a little bit in just a second, but there is a new standard out there that will eliminate the need for passwords.
[01:14:00] Passwords are kind of an, a necessary evil, at least they have been forever. I, I remember, I think the only system I've ever really used that did not require passwords was the IBM 360.
[01:14:17] Yeah, 360, you know, you punch up the cards, all of the JCL you feed the card deck in and off it goes. And does this little thing that was a different day, a different era. When I started in college in university, we. We had remote systems, timeshare systems that we could log into. And there weren't much in the line of password requirements in, but you had a username.
[01:14:47] You had a simple password. And I remember one of our instructors, his name was Robert, Andrew Lang. And, uh, his password was always some sort of a combination of RA Lang. So it was always easy to guess what his, what his password was. Today, it has gotten a lot worse today. We have devices with us all of the time.
[01:15:09] You might be wearing a smart watch. That requires a password. You of course probably have a smart phone. That's also maybe requiring a password, certainly after boots nowadays they use fingerprints or facial recognition, which is handy, but has its own drawbacks. But how about the websites? You're going to the systems you're using when you're at work and logging in, they all require passwords.
[01:15:39] And usernames of some sort or another well, apple, Google, and Microsoft have all committed to expanding their support for a standard. That's actually been out there for, for a few years. It's called the Fido standard. And the idea behind this is that you don't have to have a password in order to log. Now that's really kind of an interesting thing, right?
[01:16:07] Just looking at it because we're, we're so used to having this password only authentic. And of course the, the thing to do there is make sure you have for your password, multiple words in the password, it should really be a pass phrase. And between the words put in special characters or numbers, maybe mix.
[01:16:29] Upper lowercase a little bit. In those words, those are the best passwords, you know, 20 characters, 30 characters long. And then if you have to have a pin, I typically use a 12 digit pin. And how do I remember all of these? Cuz I use a completely different password for every website and right now, Let me pull it up.
[01:16:52] I'm using one password dot com's password manager. And my main password for that is about 25 characters long. And I have thirty one hundred and thirty five. Entries here in my password manager, 3,100. That is a whole lot of passwords, right? As well as, um, software licenses and a few other things in there.
[01:17:19] That's how we remember them is using a password manager. One password.com is my favorite. Now, obviously I don't make any money by referring you there. I, I really do like that. Uh, some others that I've liked in the past include last pass, but they really messed. With some of their cybersecurity last year and I lost, lost my faith in it.
[01:17:41] So now what they're trying to do is make these websites that we go to as well as some apps to have a consistent, secure, and passwordless sign in. and they're gonna make it available to consumers across all kinds of devices and platforms. That's why you've got apple, Google, and Microsoft all committing to it.
[01:18:05] And you can bet everybody else is going to follow along because there's hundreds of other companies that have decided they're gonna work with the Fido Alliance and they're gonna create this passwordless future. Which I like this idea. So how does this work? Well, basically you need to have a smartphone.
[01:18:24] This is, I'm just gonna go with the most standard way that this is going to work here in the future. And you can then have a, a. Pass key. This is kind of like a multifactor authentication or two factor authentication. So for instance, right now, when I sign into a website online, I'm giving a username, I'm giving a password and then it comes up and it asks me for a code.
[01:18:48] So I enter an a six digit code and that code changes every 30 seconds. And again, I use my password manager from one password dot. In order to generate that code. So that's how I log into Microsoft sites and Google sites and all kinds of sites out there. So it's kind of a similar thing here now for the sites for my company, because we do cyber security for businesses, including regulated businesses.
[01:19:16] We have biometrics tied in as. so to log into our systems, I have to have a username. I have to have a password. Uh, I then am sent to a single sign on page where I have to have a message sent to my smart device. That then has a special app that uses biometrics either a face ID or a fingerprint to verify who I am.
[01:19:41] So, yeah, there's a lot there, but I have to protect my customer's data. Something that very, very few it's crazy. Um, actual so-called managed security services providers do, but it's important, right? By the way, if you want my password. Special report, just go to Craig peterson.com. Sign up for my email list.
[01:20:07] I'll send that to you. That's what we're sending out right now for anyone who signs up [email protected] And if you'd like a copy of it and you're already on the list, just go ahead and email me M E. At Craig peterson.com and ask for the password special report where I go through a lot of this sort of thing.
[01:20:25] So what will happen with this is you go to a website and it might come up with a QR code. So you then scan that QR code with your phone and verify it, authorize it on your phone. You might again have it set up so that your phone requires a facial recognition or perhaps it'll require a fingerprint. And now you are in.
[01:20:47] Which is very cool. They fix some security problems in Fido over the last few years, which is great over the coming year. You're going to see this available on apple devices, Google Microsoft platforms. And it really is simple, stronger authentication. That's what Fido calls it. Right. But it is going to make your life a lot easy.
[01:21:12] It easier. It is a standard and the passwordless future makes a whole lot of sense for all of us. Now I wanna talk about another thing here that has bothered me for a long time. I have a sister-in-law. who is in the medical field and, and, uh, gives prescriptions, you know, doctor thing. And, uh, I think she's not quite a doctor.
[01:21:35] I can't remember what she has or she's an LPN or something. Anyhow. So she. We'll get on a zoom call with someone and they'll go through medical history and what's happening right now and she'll make prescriptions. And so I warned her about that saying, you know, it is very bad to be using zoom because zoom is not secure.
[01:22:01] Never has been, probably never will be right. If you want secure, you. To go and pay for it from one of these providers like WebEx, that's what we use. We have a version of WebEx that is set up to be secure. So I talked to her about that and said, Hey, listen, you can't do this. You you've really got to go another way here.
[01:22:23] And so she started using one of these mental or. Medical health apps. What I wanna talk about right now specifically are some checks that were just performed some audits on mental health apps. That's why I messed up a second ago, but what they looked at is that things are a serious, serious problem there.
[01:22:50] And then in fact, the threat post is calling it, uh, creepy. Frankly, just plain old creepy. So they've got some good intentions. They want to help with mental health. You've probably seen these or at least heard them advertise. So you can get on the horn with, uh, mental health, professional, uh, doctor or otherwise in order to help you here with your psychological or spiritual wellbeing.
[01:23:15] And people are sharing their personal and sensitive data with third parties and of 32 mental health and prayer mobile apps that were investigated by the open source organization. 28, 28 of the 32 were found to be inherently insecure and were given a privacy, not included label, including, uh, others here.
[01:23:41] So this is a report. uh, that was released here by the open source organization, tied into Mozilla Mozilla. Those are the Firefox people. They have what they call their minimum security standards. So things like requiring strong passwords, managing security, updates, and vulnerabilities, et cetera. 25 of the 32 failed to meet.
[01:24:05] Even those minimum security standards. So these apps are dealing with some of the most sensitive men, mental health and wellness issues people can possibly have, right? Depression, anxieties, suicidal thoughts, domestic violence, eating disorders. And they are being just terrible with your security Mozilla researchers spent 255 hours or, or about eight hours per product pairing under the hood of the security, watching the data that was going back and forth, right.
[01:24:41] Between all of these mental health and prayer apps. It was just crazy. So for example, eight of the apps reviewed allowed week passwords. That range. One digit one as the password, 2, 1, 1, 1 while a mental health app called a mood fit only required one letter or digit as a password. Now that is very concerning for an app that collects mood and symptom data.
[01:25:11] So be very careful. Um, two of the apps better help a popular app that connects users with therapists and better stop suicide, which is of course a suicide prevention app have vague and messy. According to Mozilla privacy policies, they have little or no effect on actual. User data protection. So be very, very careful.
[01:25:35] And if you are a mental health professional, or a medical professional, don't just go and use these open video calls, et cetera, et cetera, find something good. And there are some standards out there. Again. Visit me online, get my insider show notes every week. Get my little mini training. They come out most weeks, just go to Craig peterson.com.
[01:26:00] Craig peterson.com. And I'll send you my special report on passwords and more.