Your Questions are Coming In – Hacks Across Washington DC
Below is a rush transcript of this segment, it might contain errors.
Airing date: 03/22/2017
Your Questions are Coming In – Hacks Across Washington DC
Craig Peterson: It’s time again for another daily TechSanity check. Craig Peterson here. And we’re going to be talking about what’s been going on down in Washington, DC. If you’ve been listening to me, you know it’s happening and we’ve got some new information. That’s what we’re going to cover today. If you haven’t been listening to me, you probably had no idea that Washington, DC, the entire area, is being hacked. Their cellphones. Yeah, that’s what we’re going to talk about right now. Stick around.
Hey, that’s me. Hey thanks for being with me. You know, I really, really appreciate it and for everyone that’s taking the time to send in their questions. We’re still taking them. We’ve gotten quite a few already. And I have taken the time, or I will take the time to answer every last one of them. There’s some that continue to come in and that’s just fantastic. And the bottom line here is if you could sit down with me, just you and me with a cup of coffee, or maybe a beer, or was suggested maybe even a glass of wine. And you could ask me any question. You know, knowing my background, knowing I’m really big into security and I help corporations with it all of the time and individuals, as well as all my business acumen from the decades. If you could ask me any question you’d want, what would you ask? I had one guy ask me about my choices in life. If I could change anything in my life, any decision I had made, what decision would that be? What would I change? And you know that’s a really, really great question. I remember that first being asked to me, boy, back in college years. I guess it was. And you know, I’ve thought about it many times over my life and that listener made me think about it again. And you know the bottom line is I don’t think I would change anything because I am quite happy with who I am today. You know I’d rather be who I am today. Maybe 20 years ago or 30 years ago. But I wasn’t. And I couldn’t be who I am without that intervening amount of time, right?
So it was a good question. Legit question. I actually answered it. A written answer. But if you have two questions, I take two from every listener here, if you had two questions you could ask me about technology, business, etcetera, etcetera, what would it be? Just email me, Me@CraigPeterson.com.
You know I’m old enough to remember George Carlin when he was all of the rage and we’ve talked about it in school and everything. All his routines. Do you remember the routine where he asked, I don’t know if it was Sister Mary Margaret, I can’t remember the name, asked her about God. And you know, if God is all powerful, can he make a boulder that even he himself couldn’t lift? A very funny routine. Funny guy. Oh definitely left-wing, but very funny guy. And he reminded me of one of the questions that came in which was do I think there will ever be a type of security that a computer can use but it could never, ever be broken? And the answer to that is kind of a yes because of what’s been happening with quantum computing. I wrote a response to him. I guess maybe I should put them up on the website. But it’s interesting what’s going on in the quantum computing field. And also taking in something that Einstein, Albert Einstein called, what was it, spooky action at a distance where you can have two particles that are basically bound to each other at great infinite even it would appear distances. Taking the quantum computing and having two particles or multiple particles that are separated where you have the sender using a quantum computer to encrypt it and then you have the receiver using these sister particles to receive it. And using a quantum computer to decrypt it. I think we may well, if we get to that point, I think we will. We well may have invented something that is absolutely guaranteed to be completely unbreakable no matter what.
Now we’d have things like pad ciphers forever. And pad ciphers are great and are very hard to break. And if you can find the source material that the pad has used or the pad itself etcetera, you can decrypt it. So, anyways. Some great questions, again just Me@CraigPeterson.com, or you can text them to me. My texting number’s 855-385-5553. I often wonder if that was a great choice of numbers or not but. Decided that they would start monitoring a little more closely some of our cellular phone networks.
Now we’ve known for years that there’s major vulnerabilities in the main switching hardware that’s out there called SS7 which is the protocol that runs on all of these switches that run our phone system. I’m going to keep it simple here. But there are major flaws in that. It was designed back in the 1980s. It was designed when people trusted people, right? When one vendor of cellular service trusted another vendor and because of that they’ve said fine, great. You tell me you’ve got this phone then I’ll pass the call through to you. And that’s exactly what happened. But we’ve had displays of examples of the vulnerability. 2014, some German researchers published something called Chaos Communication. And it was at the Congress Hackers Conference over in Hamburg in 2014. And this vulnerability can be used by attackers with access to any carrier in the world that is hooked up to the US system which is ultimately any carrier, right? And they can obtain the victim’s location. They can harvest the messages. They can eavesdrop on the calls.
So the Homeland Security people got involved with a couple of other people that are out there who have access to monitoring equipment. Now we know the police have been using stingrays and other pieces of hardware to listen in on calls, right? And supposedly they’re only doing to try and find the bad guys to try and listen in on suspects, on directed suspects. But they’ve also been using it to getting kind of blanket information to anyone that happens to be in the area at the time.
So they took some of this type of technology. They put together a program called ESD Overwatch and working with Department of Homeland Security, they started monitoring calls in Washington, DC. And they found a large spike in what they’re calling suspicious activity on a major US cellular carrier. Now supposedly that carrier is T-Mobile. It could be anybody here. But the Department of Homeland Security got very concerned and has started looking into this. Finding out more about which cellphones are being tracked because location information is being sent up, and who would be doing it? Right? Could be the Russians. I would expect it’s the Russians or the Chinese or the Iranians or the Israelis. Anybody. Somebody who’s out there trying to monitor what our country is doing. It just makes sense.
Now there’s a lot of sophistication behind these attack because you have to understand the SS7 protocol. You have to have control of the switch in the network. And you have to kind of fake a little bit of information on that SS7. Now it’s not that hard to do. Come on people. It’s really not hard to do at all. As I mentioned with Jim Polito on his show this morning on iHeart Radio, I could do this. There’s no question that I could do this. And I’ve started hacking away at a few things and a few years back making, you know, I have an advanced ham license from the FCC, so I was making my own cellular system. And we could hook our phones up to it and things. I wasn’t trying to do a stingray type thing to monitor everyone. But frankly, it could be used for that. It could be hacked up to be able to do all that stuff.
So the program’s showing major anomalies in the DC area. It looks like a third party is tracking en masse a large number of cellphones. It could be used to clone these phones. It could be used to put malware on to the phones to help facilitate spying. It could be used to track government phones being used by officials in the area. It could be used by a lot of different people. A lot of different reasons out there.
A quote here from Free Beacon, who are the ones who first reported this by the way, says the attack was first in DC but was later seen on centers across the USA. A sensor located close to the White House and other over near the Pentagon have been part of those that have seen this tracking.
Now they’re quoting a source code familiar with the situation, whatever that means. But this is a problem. It’s a real problem. We’ve got to do some major updates to our infrastructure for our phones and other things out there. Are you going to be tracked? Well, potentially here. They cast a pretty wide net by the looks of it. But, you know, we already know we’re being tracked. I doubt this is the NSA because they have other ways to track cellphones. I suspect this is a foreign country that’s doing it. And I’ve got to point back to the CIA documents that were released in Wikileaks a week or so ago and that is our phone communications themselves are considered safe. The NSA and CIA, we know the CIA, at least, when those documents were written about a year ago, had no way to break the encryption if you’re using encrypted communications. They were trying to break into your phone and that’s how they’re gaining an access. So if you’re using something like Signal, which is the number one recommended safe private communication system out there, you’re probably just safe. Whatsapp is supposedly still safe. iPhones have iMessages which is also considered safe. The big problem with Messages however is if you’re sending it to someone and they don’t have data at that time, it will send it as a text message. And that is definitely not secure.
So we’re going to put together some information here over the next couple of weeks. I promised some people who had sent me emails with their questions that I’d be writing some stuff of some more detail. We’ll cover it in some of these podcasts as well. But if you want that, let me know. If you have questions, let me know. The easiest way is just send me an email. Me@CraigPeterson.com. Or you can text me. Just text 855-385-5553 with your questions. That’s me. Goes right to me. How many people you know have toll-free numbers? 855-385-5553. Take care. Have a great day. We’ll be back tomorrow. Bye-bye.
Interesting questions coming in, and will be answered in my upcoming series on security.
Today on TechSanity Check, more about how to keep your privacy from prying eyes, tapping, and spying. Especially that Washington D.C. is suggesting to monitor individuals’ smart phones.
Don’t forget to keep sending your questions on security and tech over to firstname.lastname@example.org.
More stories and tech updates at:
Don’t miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text:
Thanks, everyone, for listening and sharing our podcasts. We’re really hitting it out of the park. This will be a great year!