Did You Hear How the FBI, NSA, and CIA Got Tracked Because of Their Smartphones? How About You?
You’re worried about surveillance. Hey, I’m worried about surveillance. And it turns out that there’s a secretive company out there that to prove their mustard tracked the CIA, and NSA yeah. Fun thing.
[Following is an automated transcript.]
[00:00:16] This is a company that is scary. We’ve talked before about a couple of these scary guys.
[00:00:22] There’s this Israeli company called NSO Group. And this NSO Group is absolutely incredible. What they’ve been doing, who they’ll sell to. These guys are a company that sells cell phone, smartphone exploits to its customers. And they are alleged to have sold their software to a variety of human rights abusers.
[00:00:53] We’re talking about NSO Group coming up with what we would term a zero-day hack against iPhones, against Android phones, against pretty much anything out there. So in other words, a hack that no one has ever seen before, and then use that in order to get into the phone and find information. They’ve used things like the, I think it was WhatsApp and video that was sent and usually.
[00:01:22] To hack Saudi Arabian phones. You might remember Khashoggi, this journalist, I guess he was, who apparently was murdered by them. Big problem. So this Israeli group. Yeah. Yeah. They sell to anybody that’s willing to pay. At least that’s what the allegations are. I’ve never tried to buy their stuff, but yeah, they’re assisting government with hacks with.
[00:01:48] Ultimate in surveillance. Another one, Clearview. We’ve talked about them on the show before. This is a company that has done all kinds of illegal stuff. Now some of it’s technically not illegal. They’re against the terms of usage, what Clearview has done. And now they’ve gotten involved in this Russian Ukrainian.
[00:02:12] War that’s been going on here and they’ve gotten involved with a number of legal cases in the US. What they did is they said, okay great. Let’s do something. You remember Facebook, right guys. So you’ve heard of that before. And how Facebook got started. Mike Zuckerberg. MK went ahead and stole the pictures of the women that were in Harvard’s catalog.
[00:02:41] And I will, when I’m, when I say catalog, okay, this isn’t like a catalog of women, order one mail order type thing. We’re talking about their index, their contacts, there is a catalog of all of the students that are there in the school. So Zuckerberg goes and grabs those against policy.
[00:03:00] Okay. Maybe it wasn’t strictly against policy at the time. And then he puts up some. Called the Facebook where people can look at a picture of a girl and decide whether or not she should get a five or a 10 or a one. Yeah. That sort of stuff, abusing people that really is abuse. I can’t imagine.
[00:03:19] The way people felt, I had seen their ratings by people that didn’t know them, that somehow their definition of beauty really defined who they are. It’s crazy what the stuff he did. So he started his business by stealing stuff. Microsoft started his business by. By going ahead and misrepresenting, some would say lying to IBM about what he had as far as an operating system goes, right? Again and again, we’re seeing dishonest people getting involved, doing dishonest things to get their companies off of the ground.
[00:03:54] And I have a friend who’s an attorney who says, and Craig, that’s why you will never be wealthy because you just wouldn’t do any of that. So Clearview is another example of these types of companies. In this case, Clearview went to Facebook and crawled any page it could get its little grubby crawlers on.
[00:04:18] So it found your public fake Facebook page. It went. Over the internet. There’s a number of websites. Some are out of business now, but the, you upload your pictures to you. People can rate them, can share them. You can share them. Hey, you got your own photo gallery here that you can share with friends and a million other people.
[00:04:39] I’m right. That’s what ended up happening. That’s how those guys made the money. They’re selling you on, Hey, you can look at how convenient this. And you can have your own little photo gathered at gallery and you can take that full load photo gallery and share it with your friends. And then if you read the fine print at T and we’ll make money off of showing your pictures and showing ads well, Ah, Clearview went and scanned every website.
[00:05:08] It could get its grubby little scanners on, crawled through them all, downloaded pictures of any face that it could find. And then went ahead and digitized information about people’s faces. So it spent years scraping and then it put together its technology, facial recognition technology, and went to the next level, which is, Hey, police department, get my app so you can get the Clearview.
[00:05:41] And do you encounter someone? You can take a picture of them and upload it, which now gives them another face. Doesn’t it. And then once it’s uploaded, it’ll compare it. It’ll say, okay. Found the guy here. So with the Russia Ukrainian war, what they were doing is taking pictures of dead and injured Russian soldiers, running them through this database online of all of these faces, found out who they were and went so far as to use.
[00:06:14] Stolen data online. Now this is war, right? The whole thing is crazy, but the stolen database online find out who their mothers were, the phone numbers for the mothers, and to have people all over the world, sending text messages to mom about their dads. Yeah. Okay. So Clearview sells it to police departments.
[00:06:38] They sell it to pretty much the highest bidder they say, Hey, listen, we don’t do that. Come on right now. There’s other data brokers. And I’ve had a few on my show in the past who are using harvested information from phone apps to provide location data. To law enforcement so that they can then circumvent.
[00:07:03] What you have a right to privacy. Don’t you? It’s codified right in the Bill of Rights, the first 10 amendments to the U.S. Constitution, and it was all defined by the Supreme Court’s Carpenter decision. So we have protections in the Constitution, natural rights that were confirmed by the Supreme Court that say, Hey, the federal government, you cannot track all of the citizens.
[00:07:31] You can’t track what they’re doing. You can’t harvest their information. And yet at the same time, They go to the data brokers that have put together all of these face pictures, figured out who your friends are, you sign up for Facebook and it says, Hey, you want me to find your friends?
[00:07:49] See if they’re already on Facebook. Just hit. Yes. Here, now upload your contact list. So I’ll go. Facebook says, oh, look at all your friends. Or we found isn’t this exciting. And in the meantime, in the background, Facebook is looking at all of this data and saying, we now know who your friends are. And so many people have wondered, wait a minute.
[00:08:10] I didn’t talk about. I didn’t do a search for product X online, and yet I’m getting ads for product X. Well, did you mention it to a friend who might’ve done a search for it? Because these search engines, these companies like Facebook know who your friends are, what they’re interested in, and they’ll sell ads to people who are going to promote to you the same items they’re promoting to your friends.
[00:08:35] It’s absolutely crazy. So this company. It’s called and they’re very quiet, very low key. The website doesn’t say anything at all, but they took their software. That’s pulling all of this data together and compiling it. Yeah. And A6 pointed all of this technology towards the National Security Agency and the CIA and used their own cell phones against them.
[00:09:08] Now, why did they do this? They didn’t do it to prove something about how, you shouldn’t allow this sort of thing to happen and they didn’t do it to prove that man, we’ve got to have tighter controls because look at what we can do. If we can do it, other people can do it. No. According to audio, visual presentations and recordings of an A6 presentation reviewed by The Intercept and Tech Inquiry.
[00:09:36] claimed that it can track roughly 3 billion devices in real time. That’s equivalent to a fifth of the world population. You’re not going to find anything out about A6. It’s called Anomaly Six. Good luck online. If you find it, let me know email@example.com. I’d love to know more about these guys. The only thing on a website for them is an email address. And A6, Anomaly Six, in that presentation showed the nation’s spooks.
[00:10:13] Exactly what knew about. All right. Apparently is also ignoring questions from journalists and will only respond to emails from people in upper levels of federal agencies, which means, and maybe this is a supposition from our friends over at Techdirt. I don’t know. But then what that means is they’re looking to sell your information in real time.
[00:10:43] To the feds to get around the Carpenter decision and the Constitution. Just absolutely amazing. Hey, go online right now. CraigPeterson.com. I’ll send you my special report on passwords and my two other most popular. CraigPeterson.com. Stick around.
[00:11:06] Have you ever wondered about search engines? Which one should you be using? You’re not alone. It’s probably the number one question I get from people. What should I use? Google is falling behind, but we’re going to talk about the top engines and the why.
[00:11:23] Google has been an amazing company moving up. Of course, we’re just talking about the cheats.
[00:11:31] So many companies have taken over the years and Google has certainly had its share of cheat. I haven’t seen anything about them just doing completely underhanded things to get started. I think. They were pretty straightforward. They had a great idea back in the beginning, where they were just looking at links, how many sites linked into this one particular site?
[00:11:57] And that gave this concept of a page rank. Very simple, very easy to do. Of course, are problems with. Because you would end up with pages that are older, having more links to them, et cetera. And they have over the years really improved themselves, but we also have some other problems right now with Google.
[00:12:22] If you do searches on Google for a number of different. And you’ll see that really Google search quality has deteriorated in recent years. We’ve talked before here about some of the problems with Google and elections and how they have obviously gone out of their way to influence the election.
[00:12:43] There is a study done in Orange County, California, or at least about Orange County, California, and an election down there showed that Google had a major influence on that election and also tilted it a certain way on purpose. Absolutely amazing. So that’s one way Google has fallen behind, but you can.
[00:13:06] At all kinds of searches and hope you’re going to get a great response. And you don’t. Have you noticed that it’s gotten worse? And then on top of it, you’re starting to see more ads squeezed in. It is not great. I have used. Of course for programming in years past, before that I liked AltaVista, which was a Digital Equipment Corporation product out there.
[00:13:32] Vista was pretty darn good. And you could use Boolean logic with it. Google says you can use Boolean with us, but it’s not the same as Google’s is very simple. But at any rate they have not made any. Leaps here going forward. It’s been absolutely amazing. So let’s go through the search engines.
[00:13:53] I’m going to give you right now, the pros and cons to some of these search engines out there. So we started with. It is the 800-pound gorilla. And in case you didn’t know, the number two overall search engine is YouTube. Okay. But let’s stick with straight searches, not video searches. So what is great about Google?
[00:14:19] One of the big things is they like fresh content. So if you’re looking to do search engine optimization for your business, you are best off having some Keystone pages. So having these pages that are. Kept up to date. So you might have a page on whatever it might be hacking VPNs, right? And you make sure you update it because Google does favor the fresh content.
[00:14:45] They rank blogs and. Services, which is really nice and they’re accessible in any device. They have apps that work well on a browser. And I’m right now, I’m firstname.lastname@example.org on the best search engine. So you’ll see some of this information there. They don’t like about it is the same thing you don’t.
[00:15:09] Right? Which is, it collects all kinds of data on you. They also have hidden content that, that might damage your ranking as a business or someone who has a website and the search delivers. Too many results, millions of results. Yeah, there probably are millions of results for a single search, but what I want are the really relevant ones and Google learns over time.
[00:15:38] What kind of results that you want, which is kudos to them, but they are tone deaf sometimes, frankly as well. Okay. Our number two on our list of topics is DuckDuckGo. Now I’ve been talking about them for quite a while and some people have been disparaging DuckDuckGo lately. And the reason is they say, what.
[00:16:03] And those search results maybe are a little wrong, right? They are maybe doing a little censoring, not as much as Google does, but some. At first, DuckDuckGo.com is where you’ll find them online, named after that kids’ game. Is a privacy search engine. So it is not tracking or storing any information about you.
[00:16:29] That’s a very big one. Their searches are very fast, but they’re backed. The actual backend search engine is. Which is Microsoft. We’re going to get to that in a couple of minutes here. That means that if Microsoft is deciding to do some weighting on search results, based on their political views, then that’s going to show up in DuckDuckGo, but it’s nowhere near as bad.
[00:16:54] And I’ve talked about it on the show before we’d done some examples. So it is also now giving you the option to restrict your searches to the last month worth of results, which is really nice. That keeps a little more up to date. They also aren’t great at image searches, no personalized results, and it is free, which is nice.
[00:17:17] You might also want to look at Qwant, Q-W-A-N-T, if you look at a private or privacy browser. Qwant’s a French company, but it does leave English as well. Okay. English results. They like the older and well-established web pages, they rank home pages. They do not rank blogs. They crawl all kinds of hidden content and non-hidden, equally, unlike Google, which is really great. Bing is not great at forums.
[00:17:50] As I mentioned, blogs, they’re not as fast as Google. And they have some seriously heavy search results screened. Dogpile they’ve been around for quite a while. You might want to check them out. They have something called fetches and favorite fetches. So you can have a home screen when you go to dog pile and you’ll see right there.
[00:18:14] Your favorite searches and they’re right there for you. You can just keep going to them. They use multiple databases so they can get broad results, multiple backend search engines, and there’s no home screen personalization available. And lots of sponsored results, which isn’t a real big deal, but you’ll find them email@example.com, Google scholar search.
[00:18:38] I’ve used this a number of times. If you’re looking for scholarly articles, it is really good. You can get citations in various styles. If you are working on your master’s PhD, whatever. B and they’re imposing a style in the document that you’re writing. So you can put it into the bibliography and a, they got a lot of great stuff.
[00:19:02] Google Scholar you’ll find online at scholar.google.com. Webopedia search. It focuses on technical terms and applications, which is good, friendly to non-tech users. And it is only searching Webopedia’s 10,000 word and phrase database. So that’s pretty. To to understand to Yahoo search, they have a home screen, has news, trending topics.
[00:19:33] I’ve used Yahoo, of course. It’s not what it used to be, but it does have everything right there. Even your horoscope. And the ads are not marked out clearly. And then there’s the Internet Archive search. This is actually a site that I fund. I donate money to them every month and you’ll find firstname.lastname@example.org, but it is really cool.
[00:19:58] You can search based on timeframes again, if you are doing papers, if you’re a journalist. You can find what was the internet like? Or was this webpage? What was it like around a hurricane Katrina in 2005, right there. We will find it email@example.com. Hey, stick around. We’ll be right back.
[00:20:23] You already know that hackers are coming after you. We’ve talked about how they are out there, scraping web pages, putting together stuff. I want to bring up again the Ukraine, Russian war and Russia leaking data like a sieve.
[00:20:39] It is, of course in the news again, it seems like it has been in the news for how long now, six years, maybe longer in this case, we’re going to talk about what the hackers are doing because they’re not just doing it to Russia.
[00:20:56] They’re doing. Us. And it’s a problem. We’re going to explain why. You’ve heard of doxing before, D-O-X-I-N-G. To dox someone, which is basically to find documentation about people and to release it. That’s really a part of it. So you’ve seen some political operatives who have gone online and doxed people.
[00:21:22] For instance one of them is Libs of TikTok. You might’ve heard of that one, and this is where they take all of these crazy things that crazy people on TikTok go ahead and publish and just put excerpts of them together. They don’t cut it up to make them look crazy. No. They let them be crazy.
[00:21:42] All by themselves and put it online. So some libs decided, Hey, we don’t like this. And journalists who had been complaining about doxing before that shouldn’t be done and it’s unethical. It should be illegal. Yeah. What does she do? She goes and doxes the lady that was running Libs of TikTok.
[00:22:07] And I, it just blows my mind here. How can these people be so two-faced? They really are just crazy two-faced. So she went ahead and did what she said should never be done. And I’m sure she had some form of justification for it and put it out online. So I went online, comes this lady’s home. Address her name.
[00:22:31] Kinds of stuff and that’s available online right now. Now you might want to try and do something that I’ve done before, which is, if you go to one of these data brokers, ads for these things, right? Do a search for yourself with us. And have a look at how accurate that information is. When I looked last time I looked cause I had a few data brokers on the radio show.
[00:22:58] I would say less than a third of the information that they claimed was information about me was actually accurate less than a third, frankly. And I don’t think that’s a particularly, what’s the word I’m looking for, but Unique situation. Let me put it that way. I don’t think it’s unique at all. I think they get a lot of it wrong because remember, they’re trying to piece together this piece together that and put it all together.
[00:23:27] So you can’t a hundred percent rely on any of that stuff. And as I said, for me, it wasn’t particularly accurate. Now let’s move into. Ukraine has claimed to have doxed Russian troops as well as FSB spies. Do you remember them from the Soviet union? They still exist, and hacktivists actually have official scheduled meetings and are leaking private information from various Russian organizations in Russia.
[00:23:59] So we’re talking about things like their names, birth dates, passport numbers, job titles, and the personal information that they have released about these Russian companies. And people goes on for pages here. It looks like frankly, any data breach, you’ll find a great article about this that I’m referring to in wired.com, but this particular data.
[00:24:25] Contains personal information on 1600 Russian troops who served in Bucha, a Ukrainian city that’s been attacked by Russia. And by the way, you’ve probably seen these things. There were all kinds of accusations here of multiple potential war crimes. What was going on over there? So this dataset’s not the only one.
[00:24:50] There’s another one that allegedly contains the names and contact details of 620 Russian spies who are registered to work at the Moscow office of the FSB. That is Russia’s main security agency. Now this information wasn’t released by hackers in North Korea or hackers in the US or Russia, because we already know Russian hackers.
[00:25:22] Don’t attack Russia. They’re not stupid. Okay. They don’t want Putin coming after them, but this was published by Ukraine’s intelligence service. So all of these names, all of these personal details, birth dates, passport numbers, job titles, where they’re from, all kinds of stuff are freely available online to anyone who cares to look. Now, Ukrainian officials wrote in a Facebook post as they published the data that every European should know their names.
[00:25:56] So you got to bet, there are a lot of people freaking out over there. Absolutely freaking out in Russia that is. Since the Russians invaded Ukraine, there have been huge amounts of information about Russia itself, the Russian government activities and companies in Russia. These, all the guards that are over there and it’s all been made public.
[00:26:21] So it’s very interesting because these have been closed-off private institutions. In the US, yeah, we do some hacking of potential adversaries, but they don’t release. All right. Not at all, but there’s really two types of data here. First of all, you’ve got the information that the Russian authorities are publishing.
[00:26:42] Their allies are publishing, and then you’ve got the hacktivists, these companies, these groups, I should say. Anonymous hundreds of gigabytes of files and millions of emails have been made public, including some of the largest companies within Russia. The big guys, oil and gas companies or lumber companies, et cetera, et cetera.
[00:27:08] So there’s a former British Colonel in the military intelligence. Wired is quoting here, his name’s Phillip Ingram. And he said, both sides in this conflict are very good at information operations. The Russians are quite blatant about the lies that they’ll tell we’re used to that aren’t we, and much of the Russian disinformation has been debunked, but they say.
[00:27:36] They have to make sure that what they’re putting out is credible and they’re not caught telling outright lies in a way that would embarrass them or embarrass their international partners. So it’s really quite interesting. We’ve started seeing the stuff coming out in March 2022. Of course. And it’s hard to tell how accurate the data is.
[00:28:00] Looks probably pretty accurate. It has been scooped up as I mentioned on the show before, but. Some activists, one of whom has put together an app that anyone can download. And that allows you to send texts to the mothers of Russian soldiers, some alive, some dead, and it automatically translated into Russian.
[00:28:24] I assume it’s a crude translation, but whatever. So you can harass some poor babushka over there in Russia, whose grandson is out there fighting. This is just incredible. We’ve never seen anything like any of this before, but doxing, very toxic online behavior. And when it comes to war, the gloves are off.
[00:28:48] And by the way, these groups that I mentioned, these hacktivists, have official meetings, Tuesday mornings on Telegram, and they talk about who the next target is. Absolutely amazing. Make sure you visit me online. CraigPeterson.com and don’t go anywhere because we’ve got more coming up here about organizations in general, here in the US breaches are up stolen data or.
[00:29:17] And the number of bankruptcies are up because of it.
[00:29:23] Hacks are up. Now, you know that, we’ve known that for a while, but did you know that is not necessarily the number one reason businesses are suffering breaches. So we’re going to talk about that right now. What else you have.
[00:29:39] We’ve talked before about some of the websites that I keep an eye on.
[00:29:44] One of them is called Dark Reading and they’ve got a lot of good stuff. Some of the stuff I don’t really agree with, who agrees with everybody or another person, just one, even a hundred percent of the time. Like no one. Okay. So in this case, we’re talking to. Organization suffering a breach.
[00:30:03] And the stat that they’re quoting here is that more than 66, 0% of organizations have suffered a breach in the last 12 months. That’s huge. And the breaches have gotten more expensive. Global average breach cost is $2.4 million. And if you are unprepared to respond to a compromise, that price tag increases to $3 million.
[00:30:36] Yeah. That’s how bad it is. That’s what’s going on out there right now. But the point that really they’re trying to make here, at Dark Reading in this article by Robert Lim, is that organizations are focused too narrowly on external attackers when it’s insiders, third parties and stolen assets that cause many breaches.
[00:31:02] That’s what this new study is showing from Forrester Research. Now I had them on the show a few times in the past, you might be familiar with them. They are a research company that charges a lot for very little information. They’ve got the research to back it up right there. They’re really one of the leading, if not the leading research company out there.
[00:31:26] So last month they came in. With the 2021 State of Enterprise Breaches report. And they found that the number of breaches and the cost of breaches varied widely, depending on where the organization is based. And. The big one that you have control over is whether they were prepared to respond to breaches.
[00:31:53] Now, companies in North America had the largest disparity between the haves and have-nots. Listen to these numbers. They’re bad for businesses, these numbers, and they’re worse for individuals. The average organization required 38 days. 38 days, over a month on average, to find, eradicate and recover from a breach, but companies that were not prepared for security challenges took 62 days.
[00:32:28] Now the good news here is that this is down. It used to take nine months on average, and now we’re down to two months, but here’s the big question. Can you, or can a company survive 62 days or is it going to be out of business? Do you have enough money to make payroll for the next two months? That’s where the problem.
[00:32:55] Really starts to come in. That’s why small businesses that are hacked small businesses that are using things like Norton or some of the other real basic software without having a good firewall and good security practices. And same thing with individuals here. You are going to be out of business.
[00:33:17] That’s of the showing right now. And your insurance policy that you have for cybersecurity insurance will not pay out. I did a presentation for an insurance industry group. This was in Massachusetts and it was a statewide group. And we’d talked about how the. Are not paying out the companies.
[00:33:41] Aren’t right. And why, and if you are not prepared, if you are not doing the right things and I can send you a list of what you need to be doing, if you’d like, just email firstname.lastname@example.org. Be glad to send it to me. M-E at Craig Peterson, P-E-T-E-R-S-O-N dot com. And just ask for it and I’ll respond to you or we’ll get Mary or someone else to forward it to you because I’ve already got it.
[00:34:07] Okay. This isn’t a big deal for me. Okay. It’s ready to go. But that list is an important list because if you don’t meet the standard that the insurance industry has set forward and you are hacked, they’re not going to pay you a dime, even if you sue them. And we’ve seen this with very large companies as well, where they’re trying to recover tens of millions of dollars from the insurance policy, and they didn’t get a dime.
[00:34:36] They had to also pay who knows how many millions to lawyers to sue the insurance companies. And they lost. Okay. It’s a very big deal. So there’s a huge misalignment, according to Forrester, between the expectation and the reality of breaches. On a global scale, there’s a big disparity of above $600,000 between those.
[00:34:59] Prepared to respond to a breach and those who are not. And we can talk about that as well, because there’s things you need to do, obviously backup, but backup means you’ve got to check the backup. You’ve got to make sure it’s valid. You should be spinning up the backups in a virtual environment in order to make sure the backups are good.
[00:35:22] There’s a lot of things you should be doing. Okay. And that’s just a part of it. Plus, do you have your PR people ready? Are you able to respond to the state requirements? A lot of states. Now, if you are hacked require you to report it to the state, in some cases in as little as 72 hours. So do you have that paperwork ready?
[00:35:46] Do you have the phone numbers of all of the people that are on the team? Okay. All of these things now, the threats are not just the external hack. Anybody who’s trying to protect their data is focused on obviously the external hackers. That’s where we tend to focus part one part two is we focus in on the people that are working inside.
[00:36:13] The company, right? It’s a zero trust narrative here. Why is this guy in sales, trying to get into the engineering files? Why are they trying to get into payroll? You understand where I’m going with this, you buy and what I’m selling. You don’t want them to have access to stuff that they don’t need access.
[00:36:37] Attacks that Forrester found were spread over external attacks, internal incidents, third party, and supply chain attacks, which is really big nowadays and lost or stolen. Assets globally. Half of companies consider external attacks to be this top threat, but in reality, only a third of the incidents come from external actors.
[00:37:04] Nearly a quarter of them are traced back to an internal event. 23% consisted of lost or stolen assets and 21% involved with third. Partner. Interesting. Hey, so we’ve got to keep an eye on this. These external attacks are a very big deal and that’s where they have success with what are called zero day attacks.
[00:37:31] But your internal people can be a problem. Now I have put together in 2022, this is something really important, what we call a POA&M. It’s a plan of action and milestones of what you need to be doing for your cybersecurity. Okay. This is available absolutely free. You have to email me M email@example.com.
[00:38:00] But the idea behind this is it’s a spreadsheet that you can use in Numbers on a Mac or Excel on Windows. And it has all of the key items. Now we follow what’s called the 800-171 standard. This is the National Institute of Standards and Technology, and they’ve laid out all of the different things that you should be doing now.
[00:38:26] We’ve broken them down into eight cybersecurity activators as what we called them. And we have, you should have already gotten an email this week from me. If you’re on my email list, just talking about, cause we’re starting now getting into those cybersecurity activators. I’m showing you. To do about each one of them.
[00:38:46] So you can do it yourself. So many of us are stuck with being the CTO or the guy or gal in charge of it just because we like computers or we know more than somebody else. So if you’re on my email list, you will be getting these things off. We’re going to be going through them in the weeks. I had little quick mini micro trainings, if you will, but you gotta be on the email list in order to get them.
[00:39:12] These are also appropriate for home users right now. You’re going to have to make your decisions as to what you’re going to do, but home users have the same exposure, the same basic problems that they have in bigger organizations out. So I follow the national Institute of standards and technologies.
[00:39:34] They have broken it down into a number of different sections. They actually require it. And if you are compliant with this new standard you are going to be able to recover your money from the insurance company. If you are hacked, I don’t know. I was going to say it for a win, but hopefully you won’t get hacked because of this.
[00:39:58] So it’s an important thing to follow. So make sure you go to Craig peterson.com/subscribe right now and get subscribed. A lot of stuff for home users. My business is focused on securing businesses. Particularly regulated businesses, right? If you have intellectual property, you don’t want to have stolen a few do government contracts where they’re requiring you to be compliant with this new standard or some of the others, but it’s.
[00:40:27] Basic stuff that every business should be following. So just email me, M firstname.lastname@example.org with your questions. We’ve been really good at answering them. We’ve probably lately been averaging about a dozen a day. Which is quite a few, but so it might take us a little bit to get back to, but we’ve gotten much better.
[00:40:48] Mary her number one responsibility right now is making sure that we answer all of your emails. We’ll send out this plan of action and milestone spreadsheet for you. So you know what to do. This is updated. This is 2022. Everything you need right there. Me at Craig Peterson dot. Alright, you’ll also find my podcast there.
[00:41:14] Craig peterson.com. And I want to point out that I’m not doing the show on video anymore. Just wasn’t getting enough traction with, if it just takes too long. Anyways, Craig peterson.com.
[00:41:29] This is one of the top topics I’ve had people ask about lately, and that is protecting yourself and your business against Russian hacker. So I’ve got a presentation. We’re going to run through it. We’re going to talk about what you can do.
[00:41:46] This has been a long time coming. I have been doing a lot over the years of webinars of online meetings, trying to help people understand what’s going on, what can be done.
[00:41:58] And I got a great email this week from one of the listeners. Who’s been man on my email list now for years, I’m not even sure how many years. And he was saying, Hey, thanks for giving all of this information for free for small businesses. I can’t afford it. And I got to thinking, because there’ve been a lot of requests lately, for instance, backups how should I be doing them?
[00:42:22] What should I be doing? And a number of other topics that really all go together into the, how do I protect myself? My business. From ransomware from these Russian hackers. So that’s what we’re going to be talking about today. We’re going to go through a few of these. This is going to be a series.
[00:42:41] We’re going to continue this here and weeks ahead, and I appreciate all your feedback. And if you miss part of it, make sure you email me just M. Craig peterson.com. Let me know, and I’ll be glad to send some of it to you. Now I’m recording this on video as well. So it’s great when you’re driving around and listening in picking up some tidbits.
[00:43:04] And if you do want to see the recorded version again, dropping them in an email to email@example.com or search for me on YouTube or on one of the other sites that are out there like grumble and you’ll. This as I release it. Cause this is going to take a few weeks to really get into the whole thing.
[00:43:26] So let’s get started. I’m going to pull this up here. Full screen. For those watching at home and what this is called today, we’re talking about protecting your business and your self from Russian hackers because they have been out there. They have been causing just all kinds of problems, but there’s a few things that you can do.
[00:43:48] And I have them up on the screen here. Let me pull them up, but I want to get into the background first. Russian ransomware group. They’re a bunch of bad guys and it’s called Conti. Now, Conti has been around for a long time. These are the guys that have been ransoming us. They’re the guys who ransom the businesses. They’ve ransomed
[00:44:10] government, you might’ve heard. They’ve got into hospitals. They have been all over the place and they’ve raised a whole lot of. For the Russians. I’m also going to tell you about a couple of things you can do here. Cause there’s a real neat trick when it comes to keeping Russians out of your computers, but Conti decided, Hey, listen, we are all for Russia and President Putin.
[00:44:34] So they came out with an official warning. Oh, I want to read this to you. It says, “If anybody will decide to organize a cyber attack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy.” Yeah, no, not the best English, but much better than my Russian.
[00:44:55] I got to say that I know two words or so in Russian, but they said that they were announcing full support for president. That’s a pretty bad thing, if you ask me. They also have ties to Russian intelligence, but what are we talking about really? Think of the KGB.
[00:45:13] The FSB is what they’re called nowadays, but directly tied. China and North Korea, Iran, are also now tied in with Russia to varying degrees, but all of them are a little bit concerned about getting into it a little too much, but we’re going to talk about their tactics. That’s what’s important today. What are they doing?
[00:45:35] Why are they doing it? What can you do about. So the first thing is password spraying. This is a big deal. I’ve got a nice big slide up here. I like that color blue. I don’t know about you, but I think it’s pretty, but password spraying is something we all need to understand a little bit better. It’s a brute force attack that has been really hurting
[00:46:00] many of us. Let me see if I can get this to work. For some reason it has decided it just doesn’t want. Let me see here. What is up? Oh, is something isn’t it’s just, I’m getting a white screen, but it’s a brute force attack that targets users who have common passwords. Now this is a problem. When we’re talking about passwords.
[00:46:25] If you have a password that has been breached in any of these breaches that have gone on over the last, however long, right? 30 years plus now that password is known to the bad guy. So what they’ll do is they’ll take that common password and they’ll start to try it. So password spraying is where they will go to a bank site or they’ll go to Google.
[00:46:51] Oftentimes they’re trying to get at your email accounts. So if you have Google email or Yahoo or Hotmail, they’ll try to use passwords that they have found against accounts that they have found on those various sites. That ends up being quite a big problem for everybody out there. Okay. I got that screen back here.
[00:47:12] So I’ll put that up for those people who are well. But they will send multiple times attacks using variations of these passwords. And it’s known as a low and slow method of password hacking because if they were to go bam, and send all of these passwords and login attempts.
[00:47:35] They’d get caught. The automated systems would say, Hey, wait a minute. This is not good. We’re going to cut you off. In fact, that’s what I do for my client. We have remote access using SSH, which is an encryption session so that we can have a terminal session. And if you try and log in three times, we automatically zap you, right?
[00:47:58] We shut you down. So they take a very slow approach to this password spraying technique. And they’re also going after volume, which makes a whole lot of sense. And there are right now billions of passwords, usernames, email addresses that have been stolen that are sitting out in the dark. So you’ve got to make sure that you are not reusing passwords.
[00:48:24] How many times have we talked about that? You’ve got one common password that you’re using over and again, while that’s a problem, but they’re not going to keep hacking your account. They’re going to switch from one account to another because they don’t want to get locked out.
[00:48:39] Just like I lock out somebody who’s trying to get in. So if someone’s coming from that same IP address, that same internet site, and they’re trying to log into that same account multiple times, bam, they are gone. So with password spraying, they’re trying to get around the problem of you noticing they’re trying to get into a bunch of different accounts and they try and leverage it.
[00:49:04] So they’ll oftentimes use multiple computers that they’ve stolen access to. We’ve talked about that before too. It gets to be a real big. Now they’re also targeting these single sign-on and cloud-based applications, because once they’re on, using one of these federated authentication protocols, they can mask the malicious traffic.
[00:49:30] We’ve heard some of these hacks lately where they’re using a token that they managed to pick up from somebody’s email account, or they got onto Microsoft and they got into the email account on Microsoft. That happened recently in a supply chain attack, SolarWinds. You heard about that, 2021, right?
[00:49:52] So they’re going after these email applications, including Microsoft or Microsoft has done they’re going after routers and internet of things, devices for a very good reason, those IOT devices, which are things like your smart lights, they can be. Controlling the cameras outside, they go on and on there’s thousands, millions of them.
[00:50:14] Now I actually all the way through your microwave, they tend to not be very well protected. So that’s a real big target for them. So step one, they want to acquire a list of usernames. Step two, they’re going to spray the passwords. Where do they get those passwords and those usernames? Well, they get them from breaches.
[00:50:36] So again, if you have an account that’s breached at some online shopping site, a big one, a small one, it doesn’t really mean. That particular breach is now well known and they can, will and do gain access to your account which is step three, gain access to it. It gets to be a serious problem.
[00:50:57] Okay. How do you know if you are under attack? Number one, there is a spike in failed log-ins. This is where having a system, and there’s technical terms and stuff for this, I’m trying to avoid a lot of those terms, but this is where the system is watching logins, noticing that there’s a problem and going ahead and stopping it, not just noticing it, but stopping it. Very important to do. There are a high number of locked accounts, which means what? It means that again, someone’s been trying to log in. You should make sure that your account, if there are invalid log-ins, automatically locks out after some number of attempts, and five attempts is usually considered to be okay.
[00:51:44] I know on my phone, for instance, I have a higher number of the neck, cause sometimes the grandkids get at it. But when it comes to your business account, when it comes to your bank account, you probably don’t want to have a whole bunch of attempts. And then unknown or valid or invalid, I should say, user
[00:52:04] attempts. Again, why are they trying to log in with a username that just doesn’t exist? Yeah, it can be a problem. Hey, when we come back, we’re going to talk about some steps you can take here to really remediate, maybe even stop a password spraying attack. I’ve already given you a few ideas here, but what are some active things that you can do, particularly for a small business to really protect yourself?
[00:52:33] Hey, stick around. We’ll be right back. Craig peterson.com.
[00:52:39] Russia has been hacking our computers, Russia’s continuing to hack our computers and this is a real problem. So we are going to talk right now about how to stop some of these things. We already talked about password spraying. How do you stop it?
[00:52:56] There are a lot of things we have to pay attention to, and that’s what I’m going to be doing in the weeks ahead.
[00:53:03] We’re going to be going through some of the things you need to do to keep yourself safe. Keep your business safe in this really dangerous online. There are so many things going on. So many people that are losing their retirement businesses, losing their operating accounts. We’ve seen it before with clients of ours while you know their clients now.
[00:53:29] And it was just a devastating thing to them. So I don’t want that to happen to you now, if you are interested. All of this is recorded and I am doing this as video as well. We’ve got slides and you can find out more about it. Just email me M firstname.lastname@example.org. It’s really that simple. And I didn’t let me know.
[00:53:54] And I’ll be glad to send it off to you. Okay. This is available to anybody I’m trying to help. And we’ve had a lot of emails recently about some of these things. So th this is covering everything from the password spraying we’re talking about right now through backups and other things that you need to do.
[00:54:14] Let’s get going on our spraying problem. So what are the steps that we need to take in order to really remediate against one of these password spraying attacks? And frankly, it is, oh, a lot to do. It has a lot to do with our users and what we do. If you’re a business, if you are an individual, we need to be using longer passwords.
[00:54:43] Now we’re not talking about all of these random characters that we used to have. I remember having to have my password be at least four characters long, way back when, didn’t even have to have a username, it was just all based on the password. And things changed over the years. The latest standards that are out there right now come from NIST, which is the national Institute for science and technology.
[00:55:07] They are the guys that put together all of the guidelines that federal government and businesses need to follow. And they’re telling us that longer passwords means an elaborate pass phrase. So you should use 15 character passwords. I had an article just a couple of weeks ago saying that an eight character password can be cracked almost instantly, certainly within an hour, any eight character password.
[00:55:39] So if you’re still using that, you’ve got to make a change. And obviously nine characters is a lot more possibilities, takes a lot longer to crack. I don’t have those numbers right in front of me, but 15 is the ideal. So use pass phrases instead of single words. So phrases like I don’t know secretary of one, the Kentucky.
[00:56:04] There you go. There’s a phrase. So what you would do is put, maybe dashes between each one of the words. Maybe you would go ahead and use a comma, put some numbers in there, put some special characters in upper lowercase, right? So it’s basically on uncrackable at that point. And that’s what you want.
[00:56:24] Next one. When we’re talking about rules for your passwords, the best passwords are the passwords that you can remember without writing them down and words that don’t make sense to anyone else’s. I remember taking a memory course a few years back and they had random words and you had to remember them.
[00:56:49] And the whole idea was okay, visualize this happening. And as I recall, man, it’s been a lot of years I won’t say decades, but it hasn’t been. Since I did this, I still remember a part of it, it was first word was airplane. Next was all envelope. The next one was paper clip. Next one was pencil.
[00:57:08] So I visualized an airplane flying into an all envelope and that all envelope then goes into a paper clip and a pencil writes on the outside. Like it’s addressing it to someone. That is a good little password, actually airplane or envelope, paperclip, a pencil with a mixed case and maybe a number two or special symbol thrown in.
[00:57:35] Those are the types of rules that we’re talking about. The types of rules that really. Next up here. Oops. Wrong keyboard. Stay away from frequently used passwords. We’ve talked about this many times. If you’re using one of the better password managers, like for instance, 1Password, you will automatically have any passwords that you’re entering or that it creates, you’ll have them checked via a website out there.
[00:58:07] It’s called. Yeah. Okay. It’s called Have I Been Pwned, and I hated to say this because how do you spell it? It’s all one big, long word. haveibeenpwned.com, and pwned is P-W-N-E-D. It will tell you if a password that you’re trying to use is a known password, if it has been found out in the wild. Okay.
[00:58:32] Use unique passwords for every site you visit, I can’t stress this enough. We were talking about password spraying. If you use the same password and email address on multiple sites, you’re in. Because all they have to do is try your email address and your password for whichever site it is that they might want to try out.
[00:58:58] Remember, many of them are trying to get into your email and they have done that successfully. With Microsoft email, if you have their Microsoft 365 service and you might want to read the fine print there very carefully, because Microsoft does not guarantee much of anything. You make sure you back it up yourself.
[00:59:20] Make sure you do all of these things because Microsoft just plain, isn’t doing them for you. Next one here. Next up is our password manager. And I mentioned this before installing and using a password manager is phenomenal. It automates the generation of passwords. If you have. Integrated with your web browser.
[00:59:45] It now allows your web browser to work with your password manager. So when you go to a site, you can have it pull up your passwords. How could it be much easier than that? It’s really rather simple. That way it’s keeping track of your logins. And again, 1Password.com is the one I recommend and people get confused.
[01:00:06] When I say that, when I’m saying 1Password, I don’t mean only have one password used for everything. 1Password is a name of a company. Okay. So I’m not talking about only having a single password, but use a password manager. And I’ve got all of these up on the screen right now. If you’re interested in getting copies of these, you can go ahead and just email me M email@example.com.
[01:00:35] And I’ll make sure I send you a copy of the slide deck of this presentation as well. Cause this is just so important, frankly, but having these points is going to be huge for you. Now strange activity. That’s another very big deal. And we’re going to talk about this when we get back, what is it?
[01:00:55] What does it mean? But I’m going to hold off the rest of this, I think for another week. But right now, what let’s hit this, we’re talking about odd log-in attacks. A lot of login attempts, the excessive login attempts trends in unusual activities take any, you need to basically take measures to block it and determine if this activity is legitimate.
[01:01:20] Is someone just for forgetting their password and spraying themselves or what’s going on? Okay. There you go. Simple. Hey, everybody, you can find out a lot more and you’ll be getting links to this automatically to these videos, et cetera. If you’re on my email list, Craig peterson.com and you can email me M firstname.lastname@example.org.
[01:01:45] We’d be glad to send you this or any other information I might have. All right. Take care. We’ll be right back.
[01:01:54] Putin has been working for a while. In fact, it looks like as early as September in 2021, Putin started going after major us corporation. So we’re going to talk about that. And what does it mean?
[01:02:10] Putin has been going crazy for a while. I’m going to put this up on the screen for those of you who are watching either on rumble or YouTube, but Putin planned this whole invasion apparently quite a while ago.
[01:02:27] And I got an article from the Washington Post up on MSN talking about what Putin did, at least a little bit about what he did. And you can see right here if you’re following, that Russian agents came to the home of Google’s top executive in Moscow. And what they did is gave an ultimatum. They told that Google senior executive that they needed to
[01:02:55] pull down an app that was in use in Russia. And this app was polling. It was for people to do polls and say, Hey what do you think about Putin’s garden performance, et cetera. We do them in the U S all of the time you hear about the polls right left and center. Poland, which is a small country next to another small country called Ukraine next to a large country called Russia.
[01:03:21] But we’re talking about polls, favorability polls. What do you think they should be doing? What do you think that the government should be doing and maybe what they should not be. So Putin didn’t like this. He didn’t like this at all. And so what he did is he sent a couple of guys, ex KGB, FSB, the secret police over in Russia, by to visit this Google executive.
[01:03:47] If you’re the Google executive, what are you going to do? If you Google. Yeah, you’re going to say, oh my gosh, I’m out of here. So I’m not sure if she, if this executive was an American or Russian, this article doesn’t seem to be clear about it, but what happened is they said, okay let’s go hide.
[01:04:12] So they rented a hotel room for the. They put her in it and they rented the room under an assumed name. So it wasn’t the real name of the executive. It wasn’t tied into Google and they thought, okay, now we’re pretty safe. Cause you got a hotel security, I guess there are a couple of Google people hanging out with her and they felt pretty safe.
[01:04:35] What happens next? There is a knock on the door. These same agents, again, that are believed to be Russian secret police, showed up at her room and told her that the clock was still ticking because they had given her 24 hours for Google to take down the app because Putin, dental. People weren’t particularly pleased with Putin.
[01:05:02] So at that point, of course it was forget about it. And within hours, Google had pulled down the app. Now you might complain, right? A lot of people might complain about it. It’s one thing for a company like Google or apple to capitulate, to a government to do maybe some censorship, like the great firewall of China.
[01:05:25] You might’ve heard of that where the Chinese citizens can’t get certain information. Russia has something pretty similar and us companies have gone ahead and helped build it, provided the technology for it and put it in place. They sold it to them. I don’t like that in case you didn’t guess, right?
[01:05:43] I’m all for free speech. I think it’s very important for any form of a democracy. No question about it, but these companies apparently don’t have a problem with that. However, now this is something, a little different. If you have employees who are being threatened and I mean threatened to serve 15 years in a Russian prison, what are you going?
[01:06:10] Are you going to say no, I’m going to leave that app up. And then now all of a sudden your executives, or even a coder, somebody a programmer, like the guy that sweeps the floors, whatever are you going to let them be arrested so that you can have this app up on your Google play store or your app store over the apple side?
[01:06:29] Probably not because frankly, this is something that is not worth it. So what are you. I think the only answer is what we’ve seen company after company do, and that is get out of Russia completely. And there was an interesting story. I read this recently about McDonald’s you might remember back in the Soviet days, McDonald’s worked out this deal with the Soviet union to open a McDonald’s right there in downtown Moscow.
[01:07:03] I guess it was pretty prominent. I don’t know if it was, I think I might’ve been even on red square and there were people like. To have an American hamburger and it’s been pretty popular the whole time. McDonald’s closed that store and pulled out of the country. Starbucks has pulled out, are they going to reopen?
[01:07:21] Cause I don’t think either one of them said, forget about it. We’re not coming back, but I know both of them have closed on operations. Automobile manufacturers from the U S have closed on operations. What is their choice? You can’t just go ahead and say, okay yeah. Okay. Yeah. You’re just going to arrest people or, we’ll keep quiet for now and come back later.
[01:07:42] What are you supposed to do? That’s part of the problem with these oligarchies, with these people who are basically all powerful. Now we actually see some of that here in the us, which is just a shame, just a shame because we see these companies going ahead and cutting out free speech saying, oh, you can’t say that there was a time where if you said masks work, that you would have been censored. And then there was a time where if you said masks don’t work, cloth masks don’t work, you would have been censored. There was a time when you said masks aren’t necessary. You would have been censored right now, but the science is settled.
[01:08:27] It was just crazy. Science has never settled and oh, we could go on with this for hours and hours, but Putin is not a good guy. And this article, I’m going to bring it up on the screen here again. But this article talks about. In a single year. And again, this is MSN. Putin had his political nemesis, Alexei Navalny, yeah, I got it right.
[01:08:54] He had him in prison after a poisoning attempt failed to kill him. Do you remember that whole poisoning attempt? Where they gave him this really nasty radioactive byproduct, as I recall, and Putin went ahead and basically shut down. They pushed all of these independent news organizations to the brink of extinction.
[01:09:17] Look at what happened with Russia today. The entire staff walked off on the. Saying, we’re not going to report on any of these lies that are coming out of Moscow. It’s happened again and again, Putin orchestrated a Kremlin controlled takeover of Russia’s Facebook equivalent, and he’s also issued liquidation orders against human rights organizations.
[01:09:43] And so all this is going on. What are you going to do if you’re. If you’re a Google, right? I can see the criticism of those countries or companies should say when they’re cooperating with the regimes, putting in place, things like facial recognition to, to spy on people, to have a social credit system, these great firewalls in these countries.
[01:10:05] But when you have something like this happen, I forget about it. There’s nothing you can do. And the crackdown is accelerated. Facebook and Twitter were knocked offline by the government for millions of Russians. News outlets that had survived the state harassment for years shut down in the face of a new law imposing
[01:10:26] 15-year prison sentences for spreading fake news. It’s incredible what has happened. And we’ve got to be careful here in the U S too, because we see this censorship, there’s a lot of complaints about what was happening under Donald Trump president and old Biden, both Obama and Biden.
[01:10:45] Both of those have done some of these same things to a lesser extent. Stick around. We’ll be right back.
[01:10:53] This whole war with Ukraine and Russia has brought a few things to light here over the months, and really the more than year that it’s been leading up to the beginning of that war even, but we’ve got Clearview in the news again.
[01:11:09] So you can always follow along at rumble or at YouTube, but there’s a great article here.
[01:11:16] I have up on my screen for you to see. And this is from Reuters, carried over on MSN. And it is an exclusive story talking about Ukraine using something called Clearview’s AI facial recognition. This to me is absolutely fascinating because what is happening is the technology that Clearview developed and has been selling to police forces in the United States is being used on the battlefield and.
[01:11:51] Here’s what the technology did and does. Clearview illegally went on websites, major websites all over the world and did what we call scraping. Now, scraping is where they go to the site and they grab the pictures. So they scraped Facebook. They scraped YouTube. They scraped. Dan and many more.
[01:12:18] And then they put it all into a big database that told them where they found it, who that person was. And then they also took that biometric information from that image of the face and came up with some unique codes, a hash basically is what they did. And. Now what Clearview is doing is if you are a police organization, you can get a little app that runs right there on your.
[01:12:46] And you have an encounter with someone you’re a policeman, right? Let’s say, and you just hold the camera up and it gets a picture of that person. It now finds the background information on them. And then you can use that tied into the police databases to check and see if there’s any record of this person.
[01:13:06] If they’ve been doing anything illegal. It’s really quite cool what they’re able to do, and scary at the same time. We use the same basic technology over in Afghanistan. So military troops, as they’re out, and they’re having encounters with civilians, people in the street, fighters, et cetera. They could hold the device up.
[01:13:29] It would identify them. It went further than just the face. It actually did retinal scans and things, all kinds of cool stuff, but basically recognize the face. And they were able to tell if this was a friend or foe or. So a friend might be someone who worked as a translator who has been known to be helping the us troops in Afghanistan, et cetera.
[01:13:53] So we built this huge database of hundreds, of thousands of people’s biometrics person, very personal information in it. And if they were getting paid even how much they’re getting paid, all of that was in the database, in the backend. And then we abruptly. And we left that equipment behind. I hope the database was destroyed.
[01:14:16] I haven’t found anything. Absolutely conclusive on it. That the withdrawal from Afghanistan was frankly unforgivable. It just I can’t believe they did what they did at any rate. This is Clearview. This is this company. So now that same technology has moved to Ukraine. What’s interesting. About this whole Ukrainian thing to me was okay, great.
[01:14:42] Now they can identify people. Can they really identify pretty much everybody? Who are they going to identify? As it turns out Clearview also illegally stole photos of people over in Russia and in Ukraine. So the Clearview founder said that they had more than 2 billion images from. How’s that right from this social media service called VKontakte or somebody like that out of a database of 10 billion photos total.
[01:15:16] So one out of five of the pictures they scraped was Russian, which surprised me. So the Ukrainians have been using it to identify dead Russian. And it’s, they’re saying it’s much easier than matching fingerprints even works. If there’s facial damage, it’s scary to think about right. Wars, terrible.
[01:15:38] Who wants to go to war? I can’t believe all of the people that want to jump in there. I really feel for these people in Ukraine, what can we do? I’ll start proximal interest. Research for the Department of Energy found that decomposition reduced the technology’s effectiveness while a paper from 2021 showed some promising results.
[01:16:01] Now, this again is an example of technology being used in a way it’s never been used before. And having that ability to identify dead or living combatants on a field like this is just amazing. So this is the most comprehensive data set. There’s critics, of course, they’re saying that the facial recognition could misidentify people at checkpoints, obviously.
[01:16:29] Could misidentify people in a battle. Mismatch could lead to civilians. Just like unfair arrests have risen from police use. And that’s from Albert Cahn, executive director of Surveillance Technology Oversight Project in New York. So as usual, these things can backfire and I think they probably will given a little bit of time and that’s a sad.
[01:16:56] Now I also want to talk about this. This is cool. Another article here, I’m pulling up on the screen right now, and this is about some hackers. Now we know that the Kremlin has been lying. Do we know that if a politician’s lips are moving they’re lying, right? Isn’t that the old standby, but Russians apparently don’t know this.
[01:17:22] And the average Russian on the street is thinking that, okay, we’re rescuing Ukraine. Isn’t that just a wonderful thing? There’s a couple of ways that the hackers have been getting around it. It’s called Squad303. They have this tool that’s hosted at the domain 1920.in. That’s an Indian domain and it loads a pre-written statement in Russian into your native SMS app.
[01:17:54] In other words, the app that you use for texting and the idea is they that they’ve taken, oh, let’s see here. Tens of thousands of trying to remember the exact number of stolen phone numbers from Russia. So all of those hacks that we’ve talked about for all of these years, those hacks have many of them phone numbers in them.
[01:18:18] And they’ve been taking those phone numbers from some of those hacks and using them to send out about 6.5 million text messages. So what happens is you, your phone, your actual phone ends up sending a text in Russia saying something to the effect of dear Russians. Your media is being censored. The Kremlin is lying.
[01:18:43] Find out the truth about Ukraine on the free internet, and then the Telegram app time to overthrow dictator. Yeah, that’s not going to cause any problems, is it right? I’ll put that up on the screen again for people who might read Russian. Cause it’s got it in Cyrillic. Okay. And then you have the option to get another set of text and figure it out.
[01:19:05] So the phone number, you can see there, you can copy it and paste it into your app and off the message goes. It’s very cool. And in the Daily Dot, they’re quoting a member of this Squad303 saying that this is a non-violent communications project. It’s bypassing Russia’s crackdown on the news.
[01:19:26] Their censorship of the news. And by the way, the domain 1920.in refers to Poland’s surprise victory against Russian forces just after World War One and the Bolshevik Menshevik revolution. You might remember all that stuff, that you studied all those years ago. So it’s interesting.
[01:19:47] We’ll see what happens. But this hacking group also claimed that they were attacked probably again by Russian hackers, the FSB ex. Using a distributed denial of service attack shortly after launch. And they put Cloudflare in front of their domain. Now we use Cloudflare for one of our, something, not one, but some of our customers.
[01:20:15] What Cloudflare is a website that’s designed to basically buffer your website when it’s been served. So if all of a sudden you get a ton of legitimate requests, your site’s going to stay up. It’s going to be able to respond to people. The other big advantage to Cloudflare is what’s happening here with 1920.in. Cloudflare goes ahead and will block some of these denial of service attacks.
[01:20:43] So I think that’s pretty darn cool. Many texts apparently are met with silence. Some say they’ve been able to converse with Russian citizens. One user who remained anonymous said they had made. The text messages they’d made using the tool really worked it says, I want the people of Russia to know the truth.
[01:21:03] The government is doing to the people of Ukraine. This is a quote from the Daily Dot going to pull this up too. This is a tweet here on Twitter and. Yeah, it’s from Anonymous, that hacker group, you’ve probably heard of them before. Cause they’ve done a lot of nasty stuff over the years, but he says it’s been doing just absolutely amazing things for him.
[01:21:27] Let’s see here. Can we hear this? Here we go. Ah, I got to unmute it. Let’s see. Where is my mute? There it is. So this guy’s name is Rodney. He is. D Jang, oh my dog. Get to Django my dog. And he’s got a really great little testimonial there about that. It works and his tweet has had 4,300 views and it’s good.
[01:21:54] Again, another way around censorship now, Twitter, of course could decide they’re going to censor and that could be a problem too, but that’s also why we now have alternatives to Twitter. And some of these other sites that are out there that are doing a whole bunch of blocking really, they don’t like you.
[01:22:15] And by the way, the reference to Telegram was fascinating because they are using. In order to get around censorship. Again, many people are using it to send information about what is really, truly happening in Ukraine. So a lot of stuff from the beginning of the war here, visit me online. CraigPeterson.com.
[01:22:38] Get my newsletter and get the free up-to-date trainings.