‭+1 (617) 500-3221

Questions? Need help? Click Here

AS HEARD ON: WGAN Mornings News with Matt Gagnon: Microsoft Exchange Server Hack and Russia and Chinese Spying Activities

Podcast

Good morning everybody! 

I was on WGAN this morning with Matt Gagnon. Matt asked right off the bat about one of my soapbox subjects, Microsoft!  I told him I have had it with them and their reluctance to fix their software when they have the means to do so.  Then we discussed Russia and China and their spying and hacking activities. Here we go with Matt.

And more tech tips, news, and updates visit – CraigPeterson.com.

Automated Machine Generated Transcript:

Craig Peterson: [00:00:00] China and Russia spying on us. We knew this for a very long time. It’s going to take years to unpack. We had the SolarWinds hack. Now we’ve got this Microsoft exchange server vulnerability. The most incredible drive a  freight truck through it, vulnerability possible.  I have had it. I think Matt Gagnon figured that out this morning when I was on the radio with him. So here we go with Matt Gagnon.

Matt Gagnon: [00:00:28] It is 736 on the WGAN morning news, which is a perfect time on a Wednesday to talk to Craig Peterson, our tech guru. He joins us at this time every Wednesday. Also, you can hear him on this very station on Saturdays at one o’clock because he talks about these subjects and more in more depth and detail.

Craig, how are you this morning?

Craig Peterson: [00:00:46] I am doing great. My bees were flying yesterday. All of my hives overwintered, which is like a first for me. It is just, wow. This is so great.

Matt Gagnon: [00:00:56] I’m sorry. I wasn’t aware that you were a beekeeper.

Craig Peterson: [00:00:58] Yeah, bees. I got chickens. I used to have horses, and we got cats and dogs.

Craig Peterson, you also have technology-related equipment, gadgets galore and we’re going to talk about some of that stuff right now.

Matt Gagnon: [00:01:09] I want to kick things off maybe, if you will, Craig with me, by talking about the ongoing Microsoft exchange hack. What exactly is this?

Craig Peterson: [00:01:19] This is an absolutely huge deal and it’s not that difficult to understand.

I am, bottom line, fed up with Microsoft. This is just the latest in a long string of major vulnerabilities. In this particular case, we’re talking about probably right now, the numbers are over 100,000 businesses that have been hacked. It’s just crazy.

We know of about 30,000 give or take. Here’s what the problem is. People in business need email. That’s the life of a business. Many people made the mistake of trusting the Microsoft exchange server, which is something that you can get in-house. You run it on a little exchange server and aren’t I great cause I got it set up. It’s a little confusing.  It also is offered in a hosted environment. Then Microsoft also has what used to be called office 365. That’s now. Microsoft 365 also has email built-in. Okay. That’s one of the core features.

However, yet again, we had major vulnerabilities. Remember a mail server has to be exposed to the internet to allow it to receive mail and allow it to send email. It should really be one of the most secure machines you have and well protected.

Many of us use bastion host. That’s what I use for all of my clients. So that none of this nasty software or hackers get direct access to a complicated system, like Microsoft exchange server.

They got into machines. They were able to, at that point, install a backdoor. Which allowed the hackers, and this is almost certainly China based on kind of the fingerprints involved, it allowed them to spread throughout organizations, including government agencies. Major government agencies, our school districts, local government, the retail, small business, you name it have been compromised.

Microsoft, last week, came up with some patches that they released that kind of closed the door. The problem is the horses are already out of that barn.

What happened is they’ve installed the back door and Microsoft didn’t close it. Microsoft released patches for this major vulnerability, in the Microsoft exchange server, which you run again for your email and they did not fix the compromised machine.

My advice to everybody, if you’re a small business, if you’re running an exchange server, you have to immediately patch it or have your service provider patch it. You should restore from backup from who knows how long ago, because there were backdoors installed.

There’s multiple types. This is a major mess up Matt, absolutely major. It’s going to have consequences for years to come. 80% of Americans, now it’s expected, about 80% of us have had all of our personal information stolen and in the hands of Russia and China. This is going to bring her closer to a hundred percent.

Matt Gagnon: [00:04:39] Talking to Craig Peterson, our tech guru, who joins us on Wednesdays at this time to talk over the world of technology.

I saw a news piece today, actually on China and Russia cooperating to build a moon base of some kind, which is perhaps a subject in and of itself that I could ask you about.

That’s actually not where I was going because China and Russia also in the news for their spying sprees, shall we call them. Where they’re engaging in a whole bunch of different spying tactics.  I’d love for you to break this down for us a little bit. It’s a very interesting story.

Craig Peterson: [00:05:09] It really is. We had this SolarWinds hack, and I’ve been talking about that for a couple of months now on this show.  This SolarWinds is what’s called a supply chain attack where SolarWind software is used by businesses to monitor their networks, to control systems that are within their networks to put this rather simply.

SolarWinds issued a patch and it was an upgrade, right? It was the new features and some fixes and you got to install this. Apparently, over a year ago their software, SolarWind software had been compromised. SolarWinds then started distributing all of this Russian and Chinese malware to all of its customers. Again, including government agencies, businesses, et cetera.

Now you have a supply chain risk. In other words, I’m using SolarWind software. I trust it, they signed it. I checked the signature and I got hacked bottom line. 

They have gotten into all kinds of systems, but SolarWinds said, Hey about a third of all of these tens of thousands of companies and agencies that have been hacked about a third of them don’t use SolarWinds.

It turns out now that they came in through Microsoft bugs. In this other third of the cases, almost certainly including this latest one we found out about last week.

It is going to take years for us to try and figure this out, fix this problem. I am so upset. So upset with Microsoft. They are sitting on billions of dollars in cash, Matt, and they’re not spending it to try and protect their customers. Small businesses, what are we supposed to do? It’s nuts when our supply chain with our software providers giving us software that is hacked, already. We install it and now they are into all of our systems.

All the  Russians have to do is spray and pray. They just send it all out. We’re just sitting there with our fingers crossed. It’s not going to hit us. Oh, I trust Microsoft or I trust Apple, whatever it is.

We have to hold these companies accountable. How about Equifax? They’re still out there. They’re still in business. They still have all of our information and they gave up about 150 million Americans plus Canadians plus some European data to the bad guys. They sit there and they say it’s going to cost us ten to 20 million if we get hacked. To really fix this problem is going to cost us 30, 40, 50 million. We’ll just sit here and won’t spend the money.

We have to stop this now.

Matt Gagnon: [00:08:04] Craig Peterson, you hear his voice here every Wednesday at this time. You also hear it on Saturdays at one, o’clock talking about these issues and more.

Craig, I appreciate it as always. We will talk to you again next week, sir.

Craig Peterson: [00:08:15] Take care, Matt.

Matt Gagnon: [00:08:16] All right.

Craig Peterson: [00:08:16] Oh me. Oh my. Hey, Karen and I spent a bunch of time. In fact, the whole day, trying to get this membership site all up and running so we can put the courses in there for you. So you have the one place to go. So the free stuff that I’m going to be doing will be in there for you.

Plus some of the paid courses we are getting close, I know I’ve been promising this forever, but I’ve got a business to run. I got eight kids, grandkids, right? My bees, as I mentioned, and chickens and all these other animals running around. So it’s just taking me time. I have to apologize for that, but anyhow.

I am very excited about what we’re doing there because this is going to open up a whole new universe for us.

All right. Everybody take care. We will talk again soon. Probably this weekend.

 

More stories and tech updates at:

www.craigpeterson.com

Don’t miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553

Listen to this episode

Related posts

  1. Tech Talk with Craig Peterson Podcast: Supply chain hacks, Nation-state spying, Tesla, Microsoft Exchange Server Hack and More
  2. Tech Talk with Craig Peterson Podcast: SolarWinds Hack, Nation-State Ransomware, Fire-Eye RedTeam Tools and More
  3. Solarwinds Hack and its impact on business and home
  4. Tech Talk with Craig Peterson Podcast: Backups versus Disaster Recovery versus Business Continuity, Apple wants Privacy – Google wants Your Info and more