AS HEARD ON: WTAG – Apple’s Mistake Leads To Security Breach – W2 Being Stolen – Business Email Compromise: AS HEARD ON – WTAG NewsRadio 580 [03-06-18]
On This Episode…
The Federal Government can now get into any Apple iPhone. How did it happen? Craig and Jim discuss just what happened, who was responsible and just what it means to everyone with an iPhone.
Do you know about the latest Phishing scam? Jim and Craig talk about what information these new Phishing scams are after and if you could be their next target.
Are you familiar with the term Business Email Compromise? Craig and Jim go into some real detail about what it is and why you need to be aware of it.
Share This Episode
For Questions, Call or Text:
Below is a rush transcript of this segment, it might contain errors.
Airing date: 03/06/2018
Apple’s Mistake Leads To Security Breach – W2 Being Stolen – Business Email Compromise
Jim Polito: [00:00:00] Ah, this is a special day because our Tech Talk guru Craig Peterson is actually in the studio. He had business. Actually his son Steve is here with him too taking some video. And if you’re watching on Charter TV3 channel 193, you can see the man, the myth, the legend. The man who was questioned by the FBI. Not in the Mueller investigation though. I’m talking about Craig Peterson. Good morning sir.
Craig Peterson: [00:00:30] Hey good morning. Haven’t been in the studio for a little while yeah.
Jim: [00:00:33] It’s nice to have nice to have you here. And in the big chair as a matter of fact.
Craig: [00:00:39] Yeah. What’s with the padding on this chair by the way.
Jim: [00:00:43] Oh I’m sorry. That’s for Jordan in the afternoon. Now poor Jordan Levy here and here in WTAG our homebase Jordan does 3 to 6 and out at WHYN and that’s Howie Carr at 3 to 7.. Poor Jordan fell on the ice in his driveway. And I think he fractured his coccyx.
Craig: [00:01:04] Ouch. That hurts.
Jim: [00:01:05] I did that once waterskiing. A big wipeout. And so yeah, that’s what. You can take the off or you can just simply enjoy it.
Craig: [00:01:14] I’m enjoying it.
Jim: [00:01:16] Enjoy it. Enjoy the pad.
Craig: [00:01:16] Once you get to 30 you know Jim these kinds of things help.
Jim: [00:01:22] Listen I get it. I get it. So look we talked about, for so long, about the San Diego case and the terrorists and getting into the iPhone. You’re telling me now Uncle Sam can pretty much open any iPhone he wants to right?
Craig: [00:01:38] This is a little crazy. You know I’m concerned about Uncle Sam but ultimately I’m concerned about all of the bad guys out there.
Jim: [00:01:45] You’re concerned about Uncle Vlad from some basement in Eastern Europe is what you are worried about.
Craig: [00:01:53] Exactly. Or some 16-year-old kid in a basement. A few weeks ago, I put out an article that talked about a big problem that Apple just had. Maybe the biggest security breach Apple has ever had. The way a computer works is you turn it on. Have you ever noticed in the maybe the cursor starts flashing and now you see the boot rom that’s how it used to be, right? That’s kind of an initial loader for your computer. We used to call it the BIOS. Now we’ve moved much beyond whole BIOS thing. So bottom line here what happened is one of the engineers at Apple posted the source code for…
Jim: [00:02:33] Oh that’s smart.
Craig: [00:02:34] Effectively the BIOS for all of these Apple devices.
Jim: [00:02:37] Why? Why would somebody do this stuff?
Craig: [00:02:39] It was absolutely nuts. OK. So now whoever has access to that knows how the hardware works. They know when it first turns on what does it do? How does it access the thumbprint? How does it initialize the face scan? It does all of the hardware initialization. So this was bad. It was for iOS 9 but things haven’t changed a lot, we have to assume in the bootstrap loader. And in fact Apple had spent a lot of energy to make sure this never ever got out. It got out, I think it was an accidental post that went out on Github which is a Web site where software developers share things and work on things together. And now it’s in the hands not only of the NSA but the bad guys. Every one of the bad guys.
Jim: [00:03:27] So you know forget about, you can have thumb print, facial recognition but if you can cut that off and just know how to bypass it.
Craig: [00:03:40] Cut it off at the knees right when the machine is turned on.
Jim: [00:03:41] It’s like in the old days when people used to start a car without the key here. Let me show you what you do. Pull this panel from underneath the dash. Two wires. Click, car starts and this is the same thing isn’t it?
Craig: [00:03:56] Well this is an oversimplification. This is not super easy to do.
Jim: [00:04:01] Right. But it’s possible.
Craig: [00:04:02] Not beyond the capabilities of the NSA or Putin’s people or North Korea or Iran.
Jim: [00:04:12] Or Craig Peterson.
Craig: [00:04:15] Steve and Craig.
Jim: [00:04:15] Steve your son. The two of you, given this information can hack into my phone. You wouldn’t. But you’re smart enough to know what to do with it.
Craig: [00:04:22] It can it can be figured out. So now there’s an Israeli company. They’ve been around for quite a while and they are the number one contractors for cracking into iPhones in the world. And so our federal government, when they have an iPhone or other mobile device they want cracked into, they ship it off to Israel. This Israeli company keeps everything very close to the chest. They don’t tell anyone on what they’re doing, how they’re breaking in. But they are successfully breaking in and apparently they’ve broken into an iPhone X before with the facial recognition and you know so there’s some questions there. But they have now sent out an e-mail to their customers saying we can crack into any iPhone since the iPhone 5, I think it was, or 4. It was 4. Any iPhone 4 forward. That is a very, very big deal here and it’s something that Apple’s I’m sure working really hard at and trying to get around.
JIm: [00:05:20] That was going to be my question is. What are they doing? You know given this information now, what are they doing?
Craig: [00:05:24] Well Apple is the number one company when you want security and safety right. You can’t trust Google. You can’t trust Amazon. Apple’s always been.
Jim: [00:05:34] They’ve always been the gold standard. You even said that to me, like Jim you know love them or hate them but you know they have been.
Craig: [00:05:40] Right. And for good reason. They’re trying really hard. Now for instance if you have one of these new Apple HomePod, these speakers, you can say hi Siri. Sorry I just turned everyone’s Siris.
Jim: [00:05:52] Don’t worry. We do that with Alexa and we’ve actually got one right here. It’s going to be installed in the studio. We do with Tommy B all the time. We’ll talk to Alexa and then it makes everybody’s Alexas go crazy.
Craig: [00:06:04] With Siri it understands your voice. You can train it for your voice. You know Jim won’t be able to turn it on. So it’s a good point here. Don’t let Jim turn on your Siri. Apple immediately not only encrypts the data but they anonymize it right there on your device. So even Apple can’t figure out who did it, where they were, or what they said, ok? So they use it to try and figure out how can we make the speech recognition better. You know what’s Jim or what are people asking about. But they have no idea about Jim. The same cannot be said for Google Home. The same cannot be said for the Amazon Echo. So Apple’s really good about trying to keep our information safe. Except somebody made a major blunder.
Jim: [00:06:46] We’re talking with Craig Peterson, our Tech Talk guru. And there’s going to be so many topics that we won’t be able to get to. But you will at the end of this segment get an 800 number from Craig and if you text my name to that number he’ll get you all this information. He will not bother you. He will not hack you. He will not send you annoying messages. And the most important thing is when there’s a big I.T. security emergency you’ve him on your side and he’ll provide you with information. OK so speaking of providing me with information there’s a lot of phishing going on out there for W-2s. Like a lot of people now it’s March 6 and thinking oh April 15 is right around the corner. So the hackers have been thinking that too. What’s going on with the W-2s?
Craig: [00:07:41] What a mess. FBI is warning. We have an FBI briefing about some of this stuff. Here’s the bottom line W-2s contain what information? Have you looked at it? Do you remember?
: [00:07:52] Yeah. It’s got my soc. It’s got my annual income. It’s got name, address. Date of birth, I don’t know. Does it have date of birth?
Craig: [00:08:03] It depends. But I think it does. It does.
Jim: [00:08:06] So it’s got basically everything you need to screw me. No, but to take over everything and make yourself Jim Polito.
Craig: [00:08:14] Yeah exactly.
Jim: [00:08:16] Without the extra weight.
Craig: [00:08:17] So how about this. How about that we have what’s called a business email compromise. And we won’t get into all the details here but basically what they’ll do is they will compromise, let’s say you’re the CEO, OK? So you’re online. You have your http://whitehouse.gov account. But instead of that you’re using http://yahoo.com. Right. So the bad guy figures out using http://yahoo.com very easy to do. Right. Some pretty young lady sends you a little friend request over on Facebook says hey Jim we went to school together because she knows where you went to school right. Because she saw it in LinkedIn public page. I just wanted to connect with you. So now she’s connected with you. She knows who you are via LinkedIn. She knows the business you’re in and you’re CEO. She finds out more about the company. Oh Danny is your CFO.
So now what she does is she calls up Yahoo says, hello this is Mrs. Polito and I’m trying to get my husband’s accountant, and she’s playing babies screaming in the background which by the way you can find on YouTube audio of that, right?
Jim: [00:09:24] Oh of course. We use it for commercials and things.
Craig: [00:09:26] Exactly. And so now the person on Yahoo says, oh Jim. I got to help them because we got this mail that is supposed to come in. It’s his new job and he’s right now he’s stuck. Right? So she gives a sob story. Yahoo really, I’m just picking on Yahoo here ok? Yahoo releases the account information right. Or changes the password for her. And now she has access to Jim’s Yahoo account. She then sends in the e-mail from Jim at Yahoo using his account to the CFO saying hey I’m meeting with the auditors tomorrow, the accountants, whatever. Send me a copy of all the W-2s because I need them in order to meet with them. And she knows what voice you use because she’s got all your Yahoo emails right. And she knows who the CFO is. So now all that W-2 information from your company is in the hands of the bad guys.
Jim: [00:10:16] And then that’s it. They’re off to the races from there. It’s all over.
Craig: [00:10:22] It’s completely gone. Right. And it gets worse than that too. We have examples this one young lady over in Eastern Europe. And she actually is a pretty young lady. But she went ahead and was able to get Danny because Jim was on vacation in the Bahamas.
Jim: [00:10:39] See, listen. There’s two things wrong with the scenario here. Jim on vacation in the Bahamas and Danny is the CFO? No. But we’re going to suspend. We’re going to suspend disbelief. Jim’s in the Bahamas and Danny is a a whiz at number crunching.
Craig: [00:10:57] So she’s done the same research on you. OK. She knows you’re on vacation with your family in the Bahamas. You’re probably out of touch. So now she sends an e-mail from your e-mail account saying Danny we picked up this new supplier two months ago I can’t believe you haven’t paid him yet. I need you to wire the money because if he doesn’t get the money now we’re going to be out of business from this new supplier. So guess what happens next? She says here’s the account number. Wire 45 million dollars. And Danny did. 90 seconds later it’s out of the country.
Jim: [00:11:31] It’s gone and it bounces from bank to bank to bank to bank to bank. And then good luck trying to find that money.
Craig: [00:11:37] Once it’s wired out of the account it is gone. It isn’t like a credit card we can go back and say cancel that one.
Danny: [00:11:44] Craig what do you do to protect yourself? Just what do you do?
Craig: [00:11:47] You’ve got to be really careful. My company works with a number of suppliers. We have software that’s more than 99 percent effective in stopping that stuff right. But the normal anti-virus, the Barracudas and stuff aren’t really going to be able to stop that. Education. Make sure Danny finally gets a degree in accounting but as part of that make sure that Danny also understands I’m not going to send you something from Yahoo. If you get it. Call me and verify it.
Jim: [00:12:20] That I didn’t even think of that.
Craig: [00:12:22] It’s the simplest thing.
Jim: [00:12:23] It is the simplest solutions.
Craig: [00:12:23] People rely so much on the technology, so much on the e-mails. Just really simple.
Jim: [00:12:28] Danny if I ever send you anything unusual from m y personal account ignore it.
Danny: [00:12:37] Ignore it.
Jim: [00:12:36] Got to come from the work account.
Craig: [00:12:39] From the work account. And double check. If it’s something that’s questionable always call.
Jim: [00:12:43] Always double check.
Craig: [00:12:44] Always call. Get that voice on the other.
Danny: [00:12:46] You know the thing is though you become comfortable with the technology and you think about how wonderful it makes your life. And you just go ahead and you do it. Yeah and that’s what they’re preying on.
Jim: [00:12:56] All right look do you hear those two great stories. There are many more of them and you can get them obviously every week at this time and we’re honored to have Craig and his son Steve in the studio. But you can also get the stories from him that we don’t get to. So here’s what you do. You use my name, Jim and you text it to.
Craig: [00:13:16] 855-385-5553. So it’s just Jim to 855-385-5553.
Jim: [00:13:22] And then you will receive this information. And I said you’ll get updates. You’ll get other things. He will never sell your name to somebody else. And standard data and text rates apply. This was a great honor to have you in the studio sir.
Craig: [00:13:42] Well thanks. We need to do it more often.
Jim: [00:13:43] And to meet your son. Always a pleasure to see you. And I hope you continue to have a safe business trip.
Craig: [00:13:48] All right. Hey thanks Jim.
Don’t miss any episode from Craig. Visit http://CraigPeterson.com/itunes. Subscribe and give us a rating!
Thanks, everyone, for listening and sharing our podcasts. We’re really hitting it out of the park. This will be a great year!