Breached companies lose customers. Spear phishing more dangerous than ever.
Walmart is going to use blockchain to help to secure our the food they sell customers.
Why are we seeing such an upswing in Spear phishing? Tune in and I will explain it in more why it is now more dangerous than ever before.
Sale of Information on the Dark Web is increasing. Today I will talk about why we are seeing more activity and higher prices being demanded.
It is coming, 5G is a huge leap. I will discuss how this technology is going to change how we access the internet.
Craig is putting up a new insider site (Yes, it is free, but you have to sign up) On it will have all his special reports that he puts out and you will be the first to get them.
- Facebook Violates Apple’s Data-Gathering Rules, Pulls VPN From App Store
- Millennials Are Sharing Streaming Passwords, Costing Companies Millions In Revenue
- Google Reportedly Bought Your Banking Data In Secret, And That’s Not Even The Bad News
- Idle Android Devices Send Data To Google Nearly 10 Times More Often Than Ios Devices Do To Apple, Research Finds
- The Home of The Future Is A Security Challenge
- Your Digital ‘Purchases’ Are Not Really Yours
Airing date: 09/29/2018
Breached companies lose customers. Spear phishing more dangerous than ever. Dark web pricing trends. 5G is going to change everything.
Craig Peterson: [00:00:01] Hey, WELCOME. WELCOME. Craig Peterson, here, joining you as I try to every Saturday morning. Thanks for joining us today. Hey, we’ve got a lot, as usual, to talk about in a short time to talk about it. We are going without commercial breaks, again. We have so much to cover and I got to thank, of course, I Heart Radio for airing this show on their stations and it’s kind of fun. I was just adding it up. You know, I’m almost at my 1000 weekly episode. That is a lot, hence, a lot of airtime some of those shows were three hours some even four hours long. I used to do an interview format show. Now, it tends to be just me talking about some of the stuff that really matters to everybody out there in the news. So thanks to Iheartradio for airing the show again. Now moving on to, wow, close to 20 years I guess. Really weekly radio appearances by yours truly and of course, then a lot of television over the years, as well. I also want a quick shout out thanks to everybody that responded to my survey. You should have gotten an e-mail last week on Saturday. Maybe you opened it up during the week and then a reminder on Wednesday, please just take about two minutes, that is all it takes.
[00:01:23] Click on the link, right in there. I really do want your opinion. I’d like to know what it is you’d like to hear about here. I’m also doing another master class. Remember, last year it was in June, I did a three-seminar class that went on for about eight hours. It was on securing your computer, no charge for anybody involved. We’re going to do some more teaching, but I really want to know what you guys want. What do you want to hear about what you want to learn about? The only way to let me know is to tell me, so if you haven’t filled out that survey please do. If you don’t have a link to that survey, just go ahead and send me a quick note. Just me at Craig Peterson dot com or you can text me as well at 8 5 5 3 8 5 fifty-five fifty-three. If there is any question, that you would have about security, that you’d like me to have a masterclass about. All at no charge text me at 8 5 5 3 8 5 55 53. Anybody, that answers the questions you are guaranteed a free seat in that class. And of course, I have courses as well for my clients that are out there.
[00:02:32] And who knows, maybe it makes sense for you to become a client, but for most people who are listening, you’re probably too small, you’re probably not too concerned about your business assets. You know you’re not worried about somebody breaking in and stealing things or losing your client information. But for everybody else, there maybe there’s some stuff we can do. OK, so big stuff today. We’ve got 5G coming out we’re going to talk about what the carriers are doing how they’re all getting prepared for this new technology. It’s going to completely change the way we access the Internet and the way our devices access that, as well. We’ve got an interesting statistic that came out of the Black Hat Defcon conferences, just about six weeks ago, that I hadn’t noticed before. We’ll be going into that. If you’re a consumer you’re probably affected by this, as well, right. We had our data that was stolen from Equifax. Equifax is still in business we don’t have the option of not doing business with them right. Well, technically we are. Once again the product right Equifax is still in business still doing great and we are still messed up. Those tickles in your throat when that happens. But, we’re still in big trouble right because our information is out there. They’re not issuing new social security numbers but they are issuing new credit card numbers and new bank account numbers.
[00:04:02] Right. But, Equifax is still out there they’re still kicking around. Well, businesses that people don’t have to do business with, have a different story. Even though Equifax is still in business. This is this is incredible here. Other businesses that don’t have 48 percent of consumers avoiding services after a business has a data breach that is absolutely huge. Nearly all organizations that have been hit with a security incident report a long-term negative impact on both revenue and consumer trust. That is absolutely amazing. Consumers are getting frankly asking for a higher and higher standard for where they store their data and the how all of their data is protected while it’s there in storage. And in this digital age you know you’ve got to right, you’ve got to be very careful about your data where it is and what they’re doing with it. 80 percent of consumers are reporting is very important or crucial. Their personally identifiable information is protected online. 86 percent say a high level of data protection is a priority in choosing online services. That’s from a technology and Frost and Sullivan So you know very reputable company there about half of the organizations report involvement a publicly disclosed data breach of those nearly all say they have experienced a long-term negative impact related to client trust and or revenue. So, it’s absolutely huge you’ve got to pay attention.
[00:05:40] You have to be safe. This goes back to my survey I found that the majority of people that have so far answered the survey said the things that matter to them are protected. Protecting their data, protecting their bank accounts, their company bank accounts. By the way, It’s come in is number one in the survey. Your own company’s bank account. Number two is the customer’s information. So, those are the top two in my survey. And I thought that was really kind of interesting, that’s what people are trying to protect out there. So, it’s very important or crucial, if you’re a business you just can’t afford to lose the consumer’s trust because you will eventually go out of business. In fact, the statistics are still terrible. Customers are, excuse me, our customers but businesses that have been breached are likely to go out of business very, very quickly. So, that leads us to kind of our next story, actually does do this. but spear-fishing here you know about Russian attempts to meddle in the election while wow spearfishing has really become quite the science. Now, in case you don’t know what it is. Fishing – ph I sh ing – phishing is where the bad guys go out there looking to try and find data, try and find information, and then use it against a company or an individual. And that is exactly what it looks like.
[00:07:04] That is what happened to the Democrats last time around that all of these e-mails were disclosed because of the phishing attack, where you basically get an e-mail back in the day it was you know terrible language or wasn’t worded properly and it was purporting to be from your bank or career I.T. people. Well, it turns out, that even though Podesta who last year had a password that was password. Oh my gosh, and lost all of the Democrats e-mails its’ just kind of crazy. And by the way, the Russians weren’t just going after the Democrats they were going after the Republicans and they’re not just going after political parties, they’re going after everybody out there, and they are using spearfishing. These are e-mails that have had hyperlinks embedded in them to go to a fake Web site and we just had news that was about a month ago you remember this reported quickly on this. But Microsoft blocked six fake Web sites that Microsoft thought were probably going to be used by Russians in order to meddle with our election. Now, we’ve got news coming out that the Chinese are also in the process of trying to meddle with our election, which of course, is a very bad thing as well. So, in this case, they send an e-mail. It looks legitimate enough and it has in it an embedded link, people clicked on the link.
[00:08:34] Now, it will take you to a Web site that usually looks legitimate. So, the e-mail might be pretending that it’s some you know, PayPal or whatever, it might be some bank etc.. And it’s not, frankly just about a month ago the Israeli Defense Forces IDF reported a social media phishing campaign that it was attributing to Hamas. So, they were trying to get the IDF troops to download malware, again, using fake Social media profiles on Facebook, Instagram, WhatsApp. What’s more Facebook and Twitter have both blocked profiles linked to Iranian Russians and Chinese operatives used to try and spread misinformation. But, it really is helping to reveal a critical weakness of these influence campaigns because they’re using overlapping profiles on multiple platforms. So if a social media company notices something then they can go ahead and talk the other social media companies and basically take out these bad guys all at once. I think it’s really good. The whole concept of walled gardens and trying to keep things separate just doesn’t fit in with this thing. Also, one of the things people complained about is that you can go to a Web site and it looks like it’s the right Web site. We ought to mention that. But have you noticed the certificate you know a lot of people have been trained that if it has that locked in the corner by the R-AL they’ve been trained that OK well that means it’s safe?
[00:10:09] I mean it’s a secure server. Now, I can’t emphasize this enough. A secure server is not a secure server. In other words just because it says that this is a secure server certificate and this has been validated it doesn’t make it so. Two things that I want I want to make really clear, everyone needs to remember one it does not mean that the data on the server is secure. It has nothing to do with that, whatsoever. So your data might be secure in transit, but once it gets to the other side, it’s not the not the right guy. The other thing that it does not mean anymore is that it really is the entity you’re looking for. So, if you’re trying to go to I’m just picking on PayPal. Here PayPal has a really good track record of being secure so, I’m just using them as an example one might know. So if you go to a Web site and it looks like it’s PayPal and it was up in the corner they’re up by you are the little lock indicating OK’s to a secure server and if you click on that lock, it’ll tell you the details about the security certificate. Those can be faked and they are being faked. In fact, the research that has been done recently shown that these sites that are being used maliciously to spread false information.
[00:11:30] Those sites are in fact being used with valid secure certificates, SSL certificates. So, just because there’s a certificate does not mean that it’s safe. OK. Everybody needs to remember that. So, it’s a big deal. They are meddling with the election already. I heard a rumor, I should look this up but I think it was West Virginia, but apparently, some state is now allowing you to vote via your smartphone, which is absolutely idiotic at least as far as I’m concerned. Why? It’s just almost impossible to secure that sort of stuff, so be very careful out there. OK, so let’s talk about removing yourself. What information do these social media and other sites have about you? We already know Equifax has way too much about these other guys. Well, we had a couple of guys I think it was about a half a dozen that went out online and they did a little bit of searching online for their own data. And they found a bunch of very interesting things out there of some very very interesting things. Well, bottom line Google is your friend when it comes to finding your information online. Because even though Google does not index the dark web, they do a very good job of indexing the rest of the web.
[00:13:00] So, they wanted to know whatever information is out there. And what does it mean? And they found a lot of information about them, as you might expect, but then they decided let’s take this to the next step and you’ll see this article online. It was published ZDnet. There is a ton of great information. We definitely don’t have enough time to get into all of it, today. But, they decided hey what happened in this day of GDPR are which is the European data privacy law. And, in the U.S. We have some privacy laws, nowhere near as strict as what they have over in Europe. But, in this day of so-called data privacy how much privacy do we have? What can we find out? You’re supposed to be able to request from these companies, information about you. What do you have on me, out there? And of course, that’s a very good thing to know, right. You’d want to know what businesses might be keeping about to, et cetera, et cetera. I know, I do and I have asked before. So, that’s what these guys did. They went online and they started to poke around a lot and in some cases, they tried to request the removal of their data, and it was interesting because they got various types of responses from some people and some businesses out there.
[00:14:19] Google has their privacy checkup, which obviously you should pay some attention to go online to a privacy checkup. There are services online like delete me. There’s a paid subscription service and it goes ahead and tries to get your data removed from online. Some of these Web sites, have what would amount to hundreds and hundreds of pages of information, about you. Some of the data brokers the data miners are really going crazy and some of them claim to have over 100000 data points on every adult in the United States. Think about that one. So, it’s a scary world. If you’re concerned about this. I’d love to know. But check this out, it’s on my website at Craig Peterson dot com. And, if this is something you’d like me to cover in a masterclass, let me know as well and just put the subject of master class to send e-mail to me at Craig Peterson dot com, or you can text me at 8 5 5 3 8 5 55 53 and I will be more than glad to talk about and give a little class about that and a couple of other things we have up our sleeves. Next stop, here we’re going to talk about 5G and a new use for blockchain. This is going to be surprising, I think, to a lot of people.
[00:15:40] Now, you probably heard of block trading. And most people when they think of blockchain they’re thinking about bitcoin or some of these other cryptocurrencies that are out there. The whole idea behind block chain is to have a ledger.
[00:15:55] And, you know remember we’ve seen Ledgers for years, if you ever watch A Christmas Carol you saw Legers being used in the accounting office, right. Who owes who money, back and forth and ledgers can be changed. And that’s been a problem over the years. How do you know your bank’s Ledger is correct? Good accounting practices use double entry ledgers to help correct and catch mistakes, but how about the malicious things that can happen and that do happen that are out there. Well, it gets to be a real problem and that’s what blockchain kind of things hoped to solve. And I say kind of, because they haven’t really solved it ,and I’ve been extremely disappointed in the massive adoption of the blockchain technology because the idea behind blockchain is if we have a thousand people all maintaining the same ledger and we assume that they’re pretty much all valid maybe there’s a few people trying to mess around but if there’s a thousand Legers or 100000 Legers then we know that everything’s legitimate right because it’s all signed and it hasn’t been messed with. And we can always validate based on looking at other ledgers that are out there. While, that whole concept behind block chain is being used now, by a few different companies, in order to do some kind of fancy things. First of all, some banks are already using it for literally their ledgers, right. There are bank ledgers and they are tracking the bank’s ledgers and transactions between banks.
[00:17:30] So, it’s already been used for interbank transfers interbank loans. You know the whole overnight rate and everything you’ve heard about before. Well, this is a big surprise to me. But Wal-Mart is about to jump into this block chain business and apparently by January 31, 2019, Wal-Mart has set a deadline for all of their direct suppliers to use blockchain technology to track food. Yes, indeed that head of lettuce that spinach that you buy over at Wal-Mart is going to be tracked with blockchain. And the idea behind all of this is that that they want to be able to trace the food, berries, mangoes, baby food, you know about the scare we had when it might have been a decade ago about spinach, and some of the nasty stuff in the spinach baby food. Remember, the scare with glass in some of the baby food bottles. Chicken with you when you’re talking about salmonella or other types of diseases the same thing is true with beef. Wouldn’t it be nice to be able to trace that food all the way back from the truck it was on, the box manufacturer that made the box that the chicken was shipped in with a plastic wrap that was inside that all the way back to the supplier or what day?
[00:18:56] Who handled it, everything. While IBM food trust has been working on blockchain technology to do just that, track all of the food. Very, very cool and it gives a much more complete view of the entire food system than what is currently available from anybody. And it is certainly stronger than the basic federal regulations are currently requiring. So, this is a really good pinpointing the source of the food contamination. It is almost certain, I can’t see how it would not improve public safety. It’s going to save lives because we can more quickly track down what other food might have been contaminated, where did it go, who might have sold it, where might it be sitting. The head of food safety over at Wal-Mart. Frankie Anice is saying that it’s ultimately going to save money for retailers and farmers who have been swept into overly broad product recalls, in the past, and I’ve seen that before too. Because it’s like OK, everything that came out of this plant is now recalled and you’re talking, sometimes millions of eggs or millions of pounds of different types of foods. And it’s a real problem. We had millions of bags and heads of romaine lettuce that was thrown out due to interruption of E. coli. Earlier this year 36 different states, so that one particular E. coli outbreak caused 210 people to get sick and five to die.
[00:20:30] And that’s according to the CDC. So, very, very big deal this food trust blockchain is going to be a big deal, as well. And it’s going to help promote food safety. I like it. I like that kind of transparency that that depth of view into our food supply. I think that’s really important. OK, we’ve got some pricing trends coming up here. What’s it worth? To steal your information and try and sell it on the dark web. Yeah, the pricing has changed. And I got to say the pricing has not changed for the better here. But for cybercriminals, the whole dark web is growing more profitable every day. And for those people that signed up for my Dark Web report, you know you’ve been getting them every month. And I got to say something about this too for the first time I think in about a year we did not have any of our listeners here who signed up for that free monthly dark web scan. None, of them, showed up in any of the reports this month. So, that’s a very very big deal. First time ever we didn’t have any new shows, obviously old stuff is out there but no new stuff so good for you. That means you guys are listening and paying attention. I really appreciate that. And I want to go by the way a quick shout out to a couple of new clients here, too.
[00:21:52] Tom and Jared as well. We ended up doing scans for them looking for information that if it was breached would be a bad thing. Right. Personally identifiable information, as well as stuff that would violate various state and federal requirements. So quick shout out to both of them and their companies. But in this case, the dark web is growing more profitable every day. And this is particularly true for stolen credit card data. Prices have gone up over the last three years as much as 83 percent. Isn’t that amazing. For the US, Canadian, United Kingdom, an Australian credit cards, that is by the way. So Armors Threat Resistance Unit says, stolen credit card data is of great value to the cybercriminals because of the number of ways they can use it to commit fraud. So, they do everything from what you’ve heard before purchasing high-end merchandise for resale, for money laundering, and funding other illicit activities. Remember I told you about the lecture I attended in talking with the Secret Service officer about what they’re finding and how can bad guys move money around because as a rule, they can’t. All right what are you going to do? They don’t trust each other etcetera, etcetera. The whole problem. The conundrum, the prisoner conundrum, but a different show for that one. So, anyhow the values going up, the prices going up that means we’ve got to start being very careful.
[00:23:26] There’s also an increased Dark Market for cloned ATM cards, passports, prescriptions, and even prescription labels, all of them have increased in performance or in they’ve all increased in importance over the last three years. OK, we are finally making it to five G we’ve talked a little bit about 5G in the past it is coming. It’s going to have a massive impact on almost every facet of how we use the technology we’re talking about faster speeds, lower latency, which means the turnaround time and also in cost, so there’ll be huge new frontiers for us. You know right now some cars have Wi-Fi hotspots in them. It’s going to become the norm because it’s going to be so cheap, so fast, so available. There are already clothes, we talked about Levis with their jean jacket that had built into it sensors so that you could control it just by swiping your arm on the sleeve of the jacket. Well, think of all with 5g you could build right into that code all kinds of sensors that are monitoring everything right your heart rate your not just the rate but your cardiac monitor, video screens, you know you name it you go jogging in the morning and you’re concerned about getting mugged because you’re going through New York’s main parks or wherever it might be you know your clothes could be streaming a video feed 24/7.
[00:25:03] And the cost on that will be minimal, absolutely minimal. Or if you hit a panic button it’ll automatically upload the last half hour of video and sound or whatever from a 360-degree radius around you. This is absolutely phenomenal, what’s going to happen. It’s going to open up everything and then think about the self-driving cars that are coming. Right now they have to have a lot of very expensive sensors on them but if they could all communicate all share that data push that data back you know you to the blockchain stuff earlier with Wal-Mart and what they’re going to do to keep your food safe. Well, think about what could happen now of all of the cars all of the sensors and everything everywhere. We’re sending all of this data to a central database where it is validated and put together. And now the cars have an up to the second. Up to the second. It’s just I’m just shaking my head it’s amazing here. But up to the second information about road conditions everywhere out there. So, this is really going to be huge. This is really the fifth generation of cellular network that’s why it is called 5G. This is, you know we’ve got 4G LTE right now and I’m going to give you the real basics.
[00:26:23] I got a great article that I got from the verge that’s up to my website at Craig Peterson dot com. But, five Gs is a set of standards, of course, it’s been adopted internationally as well in the U.S. but they’re able to move forward because in December last year 2017. They agreed on the basic standalone standards. They have other standards as well. It’s a much more complex network. They have to have a lot more cell towers if you will, but they can be tiny. So, in an area that might have only had a couple of towers before eventually here, there could be dozens of towers, just everywhere. It’s just going to be amazing. Everything’s about to change. Remember, how fast LTE was when it came out. While that’s what’s going to happen again that’s going to be fast, fast, fast. All of the major carriers are working on it. We’ve got What T-Mobile and Sprint are trying to get together so they can build one really big and strong 5G network. We’ll see how that all goes. But, everything’s about to change when 5G comes out. And you know we are about to change, give it a couple of years. All right again if you have any comments if there’s anything you’d like me to cover in a master class make sure you e-mail me right now. Just me at Craig Peterson dot com.
[00:27:44] Craig Peterson dot com or text me with any comments, questions concerns, or topics for a masterclass to 8 5 5 3 8 5 55 53. I’m looking forward to helping you out. However, I can whatever questions you have. Take care and have a great week. Bye-bye.