China Monitoring US Communications – Stop Using Microsoft Edge – Cellphones Just Aren’t Secure and more all on TTWCP Radio Show: [11-10-2018]

On This Episode…

Are you familiar with Business Email Compromise also called BEC Listen in today and I will tell you why you need to be concerned about this.

Businesses getting hit by other cybercriminals right here.  I will be going through some of my most recent customers and why they ended up calling us.

So what’s up with the Chinese have been stealing our intellectual property.  We will talk more about this today in quite a bit of detail

What Browser do you use?  There are many to choose from.  Today I will talk about why you need to be concerned about the browser you use.

Related Articles

Share This Episode

For Questions, Call or Text:

855-385-5553

TRANSCRIPT

Below is a rush transcript of this segment, it might contain errors.

Airing date: 11/10/2018

China Monitoring US Communications – Stop Using Microsoft Edge – Cellphones Just Aren’t Secure

Craig Peterson: Hello everybody Craig Peterson here for another half hour of Tech Talk. You can hear me online Of course on iHeart make sure you tune into your iHeart Radio stations. You’ll find my
podcast also out pretty much everywhere and iTunes I really appreciate it when you take a few minutes and make a comment. I read them all over also on my website so you can go to http://CraigPeterson.com/iTunes. Well, today we are going to be talking about a couple of things I think

Craig Peterson 0:34
you’re going to find interesting one, we’re going to tell you why you don’t want to download Chrome, or at least ways not to download it. People are really getting scammed here with cell phones. Are they really secure? What does that mean? China has been hacking the vital internet backbone of many Western countries and MIT This is really interesting. We’ve talked a little bit before on the show about the whole trolley car dilemma we’re talking about a little bit now, too, because MIT has conducted a study and they have completed it, I signed up for it and answered some of their questions. This was a while

Craig Peterson 1:13
back that I did it. I think it was the same study. But anyhow, we’ll talk a little bit about that showed our self driving cars kill the cat, the elderly, or the baby, the results of the poll are in and they vary based on where you live. Ultimately, here, we’re talking about some pretty exciting and interesting stuff.

Craig Peterson 1:36
Now, also, this week, I gotta warn everybody, particularly small business people, we picked up a couple of new clients again this week with major infections. Now the FBI is warning and they put out a warning here very recently about business email compromise. This is for small businesses who don’t really have their security together, their people aren’t doing the right term meaning. And even if you are, you might get nailed. There was an article in the news this week about one government employee clicking on a link in a website, I guess it came from a website and ended up compromising thousands of government computers. So it is a real problem.

Craig Peterson 2:20
And most businesses that get hit by this stuff end up out of business, the small ones do the bigger ones typically have a bigger budget to deal with. So in the case this week, it’s a small company, family owned second generation. And they make things here in the US, which is really rather cool. And they thought they were safe, because they had three computers, that’s all they had a couple of dozen employees who did the assembly of their product. And they were very careful about taking their computers offline off the internet when they didn’t need to be on the internet. Well, we found 12 different major infections across just one computer. It’s amazing what’s been happening

Craig Peterson 3:08
and who knows what kind of data has been compromised from. So just, you know, everybody be careful out there. And we’re going to have more training courses, keep an eye out. I’ve been really busy. The whole thing with the FBI Infraguard program where I’m running their webinars for them now, nationally, and it’s just been very busy the last couple of weeks, I’m putting some stuff together, we’re talking about a big summit that we’re going to do maybe in the spring. In fact, this last week, there was a big head honcho meeting down in Quantico talking about it, but hopefully we’ll have the security summit next year. I’m really

Craig Peterson 3:44
pushing to make it so that it’s not just for FBI government, in regard people, because that’s typically what I’m doing when I’m running these webinars for the FBI, you’re just as a normal company person, you can’t attend them. So I’m trying to get it so that second quarter next year, we can have this big summit anybody can attend for free. That’s, that’s what I’m aiming at here. Because I’m trying to get the information out and you’ll be able to learn a whole lot. It’s, you know, the plan is it’s going to be a weeklong summit, we’re going to have 50 or 60 different topics, different speakers, and we’re going to arrange them into different tracks and you know, the whole big thing. So it’ll be a huge, huge, huge thing. And hopefully, the FBI is going to say, Fine, go ahead. But you know, sometimes not, it can be difficult to convince them to

Craig Peterson 4:39
do things even if they don’t have to do it. If I’m going to do all my work, all the work in my team is going to be helping out. So hopefully we’ll be able to do that because there’s so much good information that is available and you don’t have to become an expert. That’s the nice thing about it. Right? If you’re trying to run a business, you’re you’re busy running your business you don’t want to worry about the whole thing cyber thing and that’s where we’ve been able to help out a whole lot with the FBI Infragard program free to join it takes a few months they do a basic background check. They don’t call it an FBI background check because it’s not but it’s the FBI that does it but it’s not one of these things where

Craig Peterson 5:18
like justice Kevin Oh, where they’re drilling into everything in your background everyone we’ve ever mapped her anything it’s just you know, I more like have emerged anyone recently type of background check so check it out Infragard.org you’ll find that out there online you can sign up if you’re involved in the critical infrastructure and I think it’s important to do because there are alerts coming out from there all the time now let’s get down to some of the articles from this week and if you got my newsletter this morning hopefully you did you can read along Of course I spent a lot of time doing commentary you’re not going to find that in the newsletter and if you do don’t

Craig Peterson 6:00
get my weekly newsletter sign up right now Craig peterson.com slash subscribe that’s Craig C R A I G Peterson with an o.com slash subscribe. And right there on my homepage to there’s a sign up if you want to be informed about some of these other free business webinars that we’re having. Again, no charge people. This is

Craig Peterson 6:23
real. I’m I’m the real thing I’m trying to help out. I’ve been doing this for decades and decades, very long time. And I really want to help out I want to help you out if you’re a home us. In fact, we had another brand new client come on board, she attended one of our webinars. And one of the ones that I did on ransomware a couple of
weeks ago, you know what, I’m going to have to send out a thing, invite you guys on to the replay because we got a lot of great feedback from it. But she’s a non-paying client. And that’s absolutely fine. Her husband in her had a business and he passed on, she sold the asset, shut down the business and had all of this stuff on her computer, which has, you guessed it – ransomware. So we are hopping on her machine and getting her all taken care of, and she is so grateful, you know, just a listener, I don’t have a business can you help me out. And that’s what we’re here to do. So we’re doing a cyber health assessment for her indication of compromise clean up after the ransomware, she has a basic backup.

Craig Peterson 7:41
And I thought this company did a better job than apparently, they’re doing, I’m gonna have to look into this a little bit more and do a webinar on backups. But according to her, and it’s a name, you all know if you know anything about backups. They only keep one generation for her. So she’s not sure the backup they have is also encrypted with ransomware.

Craig Peterson 8:05
So she might be in big trouble. But that’s the whole 321 rule. When it comes to backups at all, I’ll have to explain. If you’re interested, sign up. I will explain this. We do this site and kind of stuff offline because I don’t want to drill down too deep on the radio show and lose too many people. But we will do one on backups. We’ve got some other scheduled to how to treat data at rest and encryption, encrypted vaults and all that stuff. Just trying to make it easy for everybody. So she’s really worried because, you know, her husband passed on all of the records, they’re all of the business records are there and she got ransomware, 60% of small businesses this year are expected to have a similar thing happened to them.

Craig Peterson 8:51
What would happen to your business do you think that would help or hurt? Yeah, yeah, 60% of businesses are expected to get one of these nasty pieces of nastiness from the bad guys. And of those 60%, 50% are expected to go out of business within six months. So by the end of the year, middle of next year, we will have a lot of small businesses who will be out of business and somewhere helping her out and we can help you out to we’re not charging This is free. I have committed the resources to do 100 of these small business cyber health assessments to

Craig Peterson 9:32
toward in 2018, so we still have some left that we will do we the last quarter 2018, there’s 100 available. You know, we normally charge for these but for listeners, I really want to help believe me, I want to help. That’s why I do all of this volunteer work. I volunteer for the FBI and infer guard program to run the webinars. I am here to help bully me know a lot of people will tell you that I have hundreds and hundreds of recommendations along those lines. So don’t don’t feel afraid. Don’t feel pressured because I’m not selling anything. Okay. I just visit right now. Craig Peterson. com, make sure you sign up to get notified about our future webinars because we’ll we’ll do more and they will continue on past the backup stuff. So let’s get into some of the additional stuff China’s doing right now.

Craig Peterson 10:30
Well, you know, China has been very involved in espionage. And you’ve heard it in the news, some of the news like Fox, etc. They tend to carry the whole story, Wall Street Journal, things like CNN whose viewership by the way down 40% in the last year more people according to the stats I saw this week, more people watch Cartoon Network, then watch CNN. So that shows you how credible they are is a news source. But anyhow, the Chinese have been stealing our intellectual property. And we caught the Chinese red-handed, no pun intended in a company or right here, right here, local, which just totally blew me away that they had three back doors into their systems and they were stealing all of their intellectual property.

Craig Peterson 11:24 
Imagine that right? I mentioned this before in the show, but you spend all this time all this effort with developing your intellectual property, developing your hardware, your software, all the designs, and this particular company again, it was an older gentleman that was running it he’d been running it all of his life, his entire investment, his life savings were tied up in the business and the Chinese were headstone and it also imagine competing against your own designs being made in China. Can you imagine that? Imagine how that would turn out. You are competing against your own designed, manufactured in China.

Craig Peterson 12:05
So China has been very busy in stealing our intellectual property. They really are people, this is not just our widgets better than yours. It’s, hey, we made your widget better her reminds me of a joke from the 70s of you know, the Russians us invented something, and the Russians, quote, already invented it and quote, and then the Japanese, of course, made it smaller and cheaper back in the day. And of course, it’s not Japan anymore. It is China.

Craig Peterson 12:35
Well, there is a new report out right now talking about a Chinese state owned telecommunications company that’s been hijacking the vital internet backbone of Western countries. Now, this is according to an academic paper published just this week by researchers from the US Naval War College and Tel Aviv University. So these are people that really know what they’re talking about.

Craig Peterson 13:01
And they’re saying that the culprit here is China Telecom. This is the country’s third largest telco, and they’re an internet service provider, just like it here in the US, right? You might have Verizon or at amp T. Nowadays, Comcast is doing this sort of thing. But in this case, China Telecom has a presence inside North America, and has had presence inside our network since the early 2000s, when it created its first Point of Presence. So how do you think that might affect you, or might affect our networks here, they’ve been doing this they’ve had upon your presence for almost 20 years now. And as it turns out, here’s what’s happening. They’ve created these points of presence centers, these data centers,

Craig Peterson 13:47
and according to this report, these Chinese data centers are doing nothing more than rerouting internet traffic

Craig Peterson 13:55
between all of the smaller networks that make up the larger internet and are monitoring it now This happens all day. Every day. We do this right. Mike company is an internet backbone router

Craig Peterson 14:10
where we take stuff from archive and smaller networks. And we use protocol called BGP, and we tie all these networks together, and we send it out to the quickest shortest route on other networks. These are called autonomous systems, a SS and now you have huge companies like Google, oh, and Verizon, and others, all the way down through small little guys, you know, university networks, maybe banks, web hosting companies, companies like ours and others that are all doing this.

Craig Peterson 14:42
So apparently, what they’ve been doing is hijacking BGP announcement and it’s kind of interesting because the studies have been showing that China Telecom started abusing this BGP protocol, which is used to route between the network,

Craig Peterson 15:00
China Telecom has been doing it at least ever since it entered into this pact and 2015. Now remember, September 2015, Obama and the president of China entered into this agreement, right, that China was going to stop all government back cyber operations, right. And I laugh as though, you know, really, really, you think they’re going to stop it all? Yeah, cuz he asked, right,

Craig Peterson 15:29
no, they didn’t stop it. In fact, they ratcheted up right then and there so that this agreement necessitated new ways to them get all the information. So they did enter China Telecom, the research is saying that they’ve built a route tracing system monitoring, the BGP announcements and distinguishing pattern suggesting accidental or deliberate hijack, you know, we’ve seen the Russians do this before. And, you know, we really are in a Cold War right now, frankly,

Craig Peterson 16:04
the Chinese are a little more concerning than the Russians are, I don’t know if you saw this week. But the Russians biggest dry dock St. And they’re only aircraft carrier. The only one the Russians have was damaged when this dry dock saying so Russia is not a huge challenge to us like China is becoming especially in the South China Sea. So they’ve got a system online, they’ve been watching it a lot of stat

Craig Peterson 16:32
in October 2016 traffic from several locations us to a large Anglo American bank headquarters in Milan, Italy, hijacked by China Telecom traffic from Sweden and Norway to the Japanese network of a large American news organization hijack to China for about six weeks. Now, the only way people really even notice this is things tend to get a little bit slower February 2016 for about six months routes from Canada to Korea were hijacked by China Telecom and routed through China traffic to the mail server and IP addresses of a large financial company in Thailand hijacked during April, May, July 2017. Some of the hijack attacks by the way, started in the U.S.A, were trying to telecom has a presence.

Craig Peterson 17:25
So it’s very, very interesting here, China’s network, very cut off on the rest of the world. And China is working with Google right now in developing the system to track all of their people even closer than they’re being tracked right now very, very closed and yet their routing all of this traffic through their network so they can have a good look at them. So be careful out there. They really are out to get us it’s it’s amazing. I’d hate to think that some a war-ish stance or posture was taken by China. And they did all of this stuff more maliciously, than

Craig Peterson 18:02
they’re even doing it right now. So be Be careful. And we have seen China now in various customer networks here, right here in the northeast United States. And, of course, other people are seeing them all over the country. We’re seeing them, the FBI seen them, everybody seen them, China, it is a real risk right now.

Craig Peterson 18:31
Now, you know, I’ve talked about Microsoft before, you guys know, I have no love loss for Microsoft. Although I also have to say that I have been using some of their services more and more lately. And, and using them with my customers.

Craig Peterson 18:45
Microsoft has a new Office 365 stack. And they have one that even includes the operating system. And I got to say, given kudos here, because they are doing a very good job with it. Now, they’re not solving all the problems. Security isn’t the best. But it’s not the worst. And I think you’re much better off with a no 365 implementation than going for Google’s implementation. But that has to do with security. And also has to do with keeping your data confidential.

Craig Peterson 19:17
People who download and install Windows, Windows 10, specifically, you notice there’s a new browser, Microsoft’s Internet Explorer, a total piece of junk that was so far out of date, it was crazy. So many companies have written software that’s dependent on so-called features, also known as side effects in the Microsoft Internet Explorer Explorer browser that you have to be careful. So my little word of advice just off of the side here, if you’re in business at all, and you’re thinking about having a website and having some features on it, do not use Internet Explorer, don’t test for it, that’s not your target. Nowadays, the number one browser out there by far as Google Chrome.

Craig Peterson 20:09
So if you’re designing a website, make sure chrome works on it. If it works on it, you know, good for you, right? But Windows 10 comes with the Edge browser. And most people are thinking that the Edge browser really has one purpose in life. And that is to download Chrome or Firefox, Firefox being the better of the two at least right now. And if you want to be absolutely safe, you’re probably best to run the epic browser, okay, will be very careful. Because if you run edge on your Windows 10 PC, and you don’t have the URL for Google Chrome, and you

Craig Peterson 20:53
type download Chrome into the address bar. And if you click the first result provided by Bing search, tried, who’s ever heard of being before well being is Microsoft search engine and they had been contracting to third parties to provide the results are trying to do it now themselves. But if you go into your new Windows 10, you open up the web browser, it’s called Edge and you type in download Chrome, and you click on the first entry. The first URL, you are going to get highly visible Google Chrome ads for months.

Craig Peterson 21:34
Okay, Google and Firefox know this being can’t be bothered, apparently, to fix this problem. So be very careful. Okay. The top result for download chrome was Google online.

Craig Peterson 21:51
It’s a fake site. It’s a pretty good copy of Google’s chrome landing page, it looks general enough genuine enough to fool people the downloads called

Craig Peterson 22:02
chrome setup.exe. And the digital signature if you take a close look is signed by alpha criteria limited, and that’s definitely not Google. So go to Google.com. And from Google.com, if you need to do a search is probably the easiest way to do a do a search for Chrome and stop using Edge. It is not a good browser. Okay, just don’t use it. Use Chrome or use Mozilla’s Firefox, something to seriously look at

Craig Peterson 22:37
and believe how fast this half hours going and goes quick, doesn’t it?

Craig Peterson 22:41
Well, we’re going to hit a couple more articles here really quickly. One has to do with cell phones. You might remember President Obama when he took office, he had his wonderful little Jimmy have a crack Barry, I think it was he had his little Blackberry that he used. And he didn’t want to give it up because

Craig Peterson 22:58
he’d been using it for so many years. And he had so many friends on it. And he could, you know, text back and forth and have great messages, emails,

Craig Peterson 23:07
I can get it right. And now we’ve got President Trump The 4am 2am

Craig Peterson 23:13
is sending a tweet and he’s using just regular phones. And there’s anybody can tell. Now

Craig Peterson 23:18
President Obama was finally convinced by the Secret Service to stop using his own personal device. And he got a secured government device. But it looks like President Trump has still been using his cell phone since he became president. And that presents all kinds of potential security vulnerabilities. No question about it, even if it’s iOS and fits Apple what Apple being much better than Android when it comes to security. But even if it’s Apple, you got problems.

Craig Peterson 23:50
Now, the security rules do prohibit them from using a regular

Craig Peterson 23:52
cell phone throughout his presidency. But apparently he’s using Twitter on his phone. So the question is, who else is listening in? Who might grab his Twitter account? Who might be able to listen to cell phone calls, who might be able to turn on the microphone in his smartphone and listen in on the conversation or turn on the camera

Craig Peterson 24:15
in it, right? Many companies or companies, many countries are trying to listen in, we know the NSA is listening in to everything they can they do bulk data collection that get as much

Craig Peterson 24:30
cell phone and texting information as they can possibly get from as many people as I can possibly get. And then they use that later on to figure out who spoke with whom. And if this person is a risk, then that person might be. So who else are they talking to? Right? You get into two hops, three hops, five hops away as they try and figure out who’s who, right. Well, some of these other countries are going specifically one on one. And potentially there are two there’s two basic places that you can eavesdrop on pretty much any communication system at the end point, obviously, which is the phones themselves. And if it’s a smartphone, it can be compromised. I don’t care who makes the phone and the other is during transmission. So cell phone attacker could also eavesdropping on the cellular network. And we’ve talked about those devices, Sting Ray devices that can be put up that are fake cell towers that allow a third party to listen in. Obviously, there’s problems with all of this right now. 2016, WikiLeaks they published a series of classified documents listing target selectors. So these are phone numbers the NSA is searching for

Craig Peterson 25:50
and they included senior government officials from Germany including Chancellor Angela Merkel,

Craig Peterson 25:54
France, Japan, many other countries now

Craig Peterson 25:59
other countries don’t have the worldwide reads the NSA

Craig Peterson 26:01
has but when you consider what we were just talking about with China and China Telecom being able to get into our networks and reroute traffic eavesdropping, including eavesdropping of the President’s phone it’s not inconceivable that absolutely for sure. Now if you

Craig Peterson 26:21
missed last week, well I did the ransomware webinar I’ve got more coming up we’re going to be doing a webinar on backup absolutely free not selling anything no credit card needed there it goes out enough disclaimers I really want to help out make sure you visit http://CraigPeterson.com right there on the homepage. You can sign up to be notified when my next webinars going to be these are typically 45 minutes to an hour. They are information packed. I will give you replays of them if you attend and we’ve got a lot of people that are asking about it. So check it out, http://CraigPeterson.comhttp://CraigPeterson.com and have a great week everybody. Take care. Bye bye.