[As heard on WGAN 2021-07-07]
Good morning, everybody. We’ve got this massive attack underway. It’s hitting businesses, and they’re using supply chain attacks just like they did with Solar Winds. However, this one might actually be a little more fatal. A lot of businesses out there. So we talked about that this morning—this Kaseya hack.
[00:00:21] We also talked about selling your smart device. Is it a good thing? I got a report from a listener about a whole bunch of Amazon orders that they had not made. So I’ll tell you a little bit about that. And also, IRS looks like there might’ve been a data breach of what’s going on. And frankly, what is the Biden administration proposing?
[00:00:47] That’s going to make things way worse when it comes to data breaches at the I R S in the future. So here we go with Mr. Matt Gagnon.
[00:00:57] Matt Gagnon: And we’re back 7:36 WGAN morning news. A pleasure to have you on this fine Wednesday morning. Thanks for listening. Craig Peterson, our tech guru joins us every Wednesday at this time.
[00:01:07] And of course you also hear them on this very station on Saturdays at one o’clock Craig, Welcome back to the program. Good to talk to you as well.
[00:01:14] Craig Peterson: [00:01:14] Hey, thanks. Glad to be here. Have a great independence day with the family. They all came in from literally all over the world. So it was cool. Yes, indeed.
[00:01:24]Matt Gagnon: [00:01:24] I hope you had a good one and and thanks for joining us now on this July 7th. So Craig, I know that we have, obviously every week we have a, some, topics that we want to chat about, but I did want to bring up this big gigantic. That happened as well. If you don’t mind going off script a little bit here and talking about what what what we’re learning about this stuff.
[00:01:41] I was just checking out some stuff this morning about how it still remains unclear how many businesses were actually hit by this gigantic ransomware attack. And and of course now, Demands for $70 million and everything else. It’s all very reminiscent of earlier tax in the year where we paid ransom.
[00:01:59] And then you got, keys to decode things and it didn’t even really work. And then they had to do it their own way. It’s just part of this evolving story that is ransomware attacks. It seems to be getting worse and worse. And I just wanted to maybe get your thoughts on the effect of this.
[00:02:12] And is it getting worse? Is, are we going to see more? Yeah.
[00:02:15]What we’re looking at is called a supply chain attack. So think of maybe a company that makes boxes for instance, and they, of course they need stuff from the supply chain. They’re going to have glue. They’re going to have staples are going to have various other things.
[00:02:31] And they trust the, the incoming staples and glue, et cetera, are going to hold the boxes together. That’s what we’re seeing here. We’re seeing a company in this case, it’s a technology firm called they’re based down in Florida that provides services for businesses and governments, world wide.
[00:02:52] And the beautiful thinking about this from the hacker standpoint is they don’t have to hack a hundred thousand companies. All they have to do is hack. Company and that’s cause say, yeah. So cause they provide services for managed services providers. These are the, it shops, the businesses that you’re using to manage your computers, your networks, your security, and the software.
[00:03:22] This can say a thought. Has full administrative rights to these networks. So if you can compromise one piece of software, you now have the ability to compromise a hundred thousand businesses and install ransomware steal information. Ever you want to do so we’re still not sure as you pointed out what the actual ultimate problems are going to be for businesses because not only managed services providers use cause say, but so do government agencies, we.
[00:04:00] Major problems in Sweden were major. Portions of their economy were completely shut down, including mass transit. We’ve seen these problems before. And what happened really is people are putting their trust in these managed services provider, which I’m one, that’s what we do for businesses. We do it for everything from doctor’s office.
[00:04:25] All the way through government contractors, DOD contractors, but we do not use these tools because they are not safe. We have some of our own that are completely isolated. We’ve got to really change what we’re doing because. Is absolutely huge. And we really just don’t know what the ultimate problem or, the results of this damage is going to be.
[00:04:54] It’s very scary stuff. Obviously a brave new world. We live in Craig Peterson, our tech guru joins us on Wednesdays at this time. Craig, moving on to other stories here. Been frustrating for me to wait for the tax man, the IRS to actually get me back my refund. I still don’t have it. I’m one of, one of those people that still has been a Saturday sitting here waiting and delaying and blah, blah, blah, et cetera.
[00:05:16]But our tax system, really works on trust, right? Trust that your data and information will be more or less secure with the IRS trust that the IRS is actually going to give you back the money you deserve when you file your taxes correctly, lots of trust involved in the system. But what happens then when the IRS itself has a data breach, all that information, all that stuff, I keep handing them every year is now basically open it’s open season on that.
[00:05:40]That’s not a good thing.
[00:05:42] Craig Peterson: [00:05:42] No, it’s not, they know your family status. You’re filing joint married or separate, whatever might be of what businesses you do business with, because that has to be disclosed. When you’re saying this is where the income comes from, what debt you have. Medical or disability status and just a whole bunch of other things this year, including whether or not you have been toying and you’ve made money off of Bitcoin.
[00:06:07] So all of that goes into databases and we’re really concerned right now because president Biden has said that he is going to have the IRS. Force disclosure of even more sensitive information on almost every American taxpayer. So this is part of the government gathering, everything going in and out of our accounts.
[00:06:34] In fact, the Biden administration is now trying to get the banks to report any transaction that anyone makes a more than $600. Which is turning our banks and financial institutions into full time, basically IRS agents, which is a real problem. So ProPublica published a story that had information that was only a bit.
[00:07:00] Through the tax records and named a number of people and some private information. So we’re not exactly sure what’s happened here. Obviously, if the IRS might have been breached, it might be some insiders that are releasing information to her political opponents, which is not what the IRS is supposed to be doing, but we have all of this data.
[00:07:26] You can. The IRS is a major target of Russia and China already has all of the background checks for secret clearance and above of every federal government employee and military member as of a couple of years ago. So it’s a huge target. I don’t like the idea of the government requiring even more information going to them because it’s going to become a huge or.
[00:07:54] Matt Gagnon: [00:07:54] And finally, Greg, I also want to ask about this this story that I was reading about selling your Amazon echo, your Google home any sort of device like this. I know a lot of people have privacy concerns, you go to sell it, right? Does your information go with it?
[00:08:10]Should you be. Doing something special factory wipes or something beyond that, maybe hitting it with a sledgehammer. What should I be doing in order to make sure that my information is not handed on to the next group of people that have my stuff?
[00:08:22]Craig Peterson: [00:08:22] There was a little bit of a study that was just done where this group went online and bought a number of these devices.
[00:08:29] The Amazon echo was, you mentioned. Google home devices and a few others. This is at Northeastern university and they got almost a hundred of them from E-bay and the flea market. And then they started to have a look at them. The first thing you should do, if you are going to resell them is do a factory reset.
[00:08:50] And that makes it a lot harder for people to get information off of them. But it is frankly, between you and me. It’s very easy. Even after a factory reset to pull off information like the wifi information, the location that the device was used at the, even the account information of the person that had the.
[00:09:15] Device. And I have actually had a listener that contacted me saying my Amazon account now has been hacked and has been used to order stuff. And so they worked with the fraud department at Amazon to figure out what had happened. And according to this listener, the front department reported back that they had ordered things from their Amazon echo device.
[00:09:39] They had sold online app. A factory wipe. So you mentioned the sledgehammer trick and that is very effective at that, but I’m worried about these. I don’t think I would resell mine. I think I would destroy them. But the big thing that you have to worry about are the hard desks and storage devices that are on our computers.
[00:10:07] Take a drink. Drill three holes safely into the disc area, the round area on a desk, and pretty much anywhere in the center, if it’s an SSD, if it’s one of these solid state desks and make some nice big holes in it and throw it out in the trash, we actually remove the platters from the desk and we melt them down.
[00:10:30] We have a furnace, we melt them in for our client. That’s the only thing. That’s a hundred percent, but the. Put a nice drill through those hard disks or SSDs and a sledgehammer to these smart drives are not smart. Drive smart devices and you’ll feel much better as long as you do it safely. Get a little aggression out too.
[00:10:51] Matt Gagnon: [00:10:51] Indeed. All right. Craig Peterson never have aggressive feelings when you joined the program. Always good to talk to you and get the lowdown on technological stories. Appreciate it. Good luck on Saturday, of course. And we’ll talk to you again next week, sir.