Is Your Firewall Actually Protecting You?
What Should You Be Doing?

New stats are out this week. So what’s the number one vector of attack against us? Our Firewalls. And they’re failing.

So, what’s going on. And what can you do about it?

[Automated transcript follows]

[00:00:16] And of course, I’m always talking about cyber security, because if you ask me that is one of the biggest problems we have in business.

[00:00:27] Today. Well, yeah, you got to find employees. In fact, uh, it’s almost impossible to find them in the cyber security space as well. And it’s been hard for years. So I try to keep you up-to-date here. We’ve got boot camps that are coming up and you are really going to like them. We’ve been working on some supplemental materials for it.

[00:00:47] And of course these boot camps are always free, so you can join it. You can have your friends come and learn the. Basics. It’s not one of these high sell things. Right. I, I got a little letter in the mail this week saying, Hey, you can come and get a free steak dinner. And of course it’s kind of like a timeshare, right?

[00:01:09] Jay, you have to listen to the pitch. Yes. Stay over. On us. And you are going to be sitting there for four hours listening to this crazy pitch that’s going on. That’s not what my bootcamps are. Anybody that’s been to. One of them will tell you we work on it. I explain it. You know what you have to do, how you have to do it, the wise, the winds, the wherefores.

[00:01:35] So if you would like to learn more for yourself, Make sure you sign up Craig peterson.com sign up for my newsletter. And when a bootcamp is coming up, I will be sure to tell you about it in the newsletter so that you can attend. And it’s important to, to understand that this is yeah. Aimed at business, the, these boot camps, but almost everything businesses have to do or shouldn’t be doing the same thing applies to you in your.

[00:02:08] So, if you are a small business person, if you’re someone who has some it experience, and you’ve been assigned to worry about cyber security, this is for you. If you are a very small business and you’re kind of the Jack of all trades, and you’ve got to worry about cybersecurity, this is for you. And I just got.

[00:02:31] This week from someone on my email list who is retired and she was talking about her husband and her, they don’t have any kids, no errors. They’re trying to protect their financial investments. And of course I responded saying, Hey, I’m not a financial investment advisor, but I can certainly give you some cyber security input, which I did.

[00:02:53] And you can ask your questions as well. I’m more than glad to hear them. And you probably, if you’ve sent them in, you know, I always answer them now. My big man, a few days might take me a week, but I will get around to it. And I try and respond to the emails. Sometimes I answered here on the radio show or on my podcast, but usually it’s via email me.

[00:03:17] At Craig peterson.com. And of course, that’s also on my website, Craig peterson.com. And that’s also my name Craig Peters on.com. So let’s get into the firewall thing. When you have a network, you are connecting that network to your computers, maybe. To your security cameras, to your printers that you have, maybe there’s a lock system.

[00:03:44] Maybe there’s more, all of this stuff is interconnected and it’s all rather well and good. You can have a whole lot of fun with it, but it is not as particularly good if you can’t get out to the internet. So what do we do? We hook our network, whether it’s home or if it’s business to the internet. Now, you know, all of this stuff so far, right?

[00:04:06] You’re following me. The internet is actually inter connected networks. In case you didn’t know, there are now millions of networks that are connected on the internet. There are core networks out there. We were my company like number 10,000. I think it was, uh, a S an R a S number autonomous system. So we were fairly early on.

[00:04:32] And of course, as you know, I’ve been on the internet in various forums since the early 1980s and helping to develop the protocols, but it is important to remember it is an interconnected network of networks. You might ask why? Well, the bottom line is you aren’t connecting your network with other networks that have malicious software on them.

[00:04:58] Maybe they’re just poorly configured. Maybe they’re causing a denial of service attack effectively because there’s so badly configured. But whatever the case may be, you are still exposed. If you look at the traffic that’s coming to your router. So your router is sitting at the edge of your network connected to your internet service provider.

[00:05:19] So it might be Comcast or Verizon or a whole slew of others. But your network is connected via a router. Then the router knows how do I get my data from the input to the output or from the output to the input, if you will upstream and downstream data, that’s what the router is for. And if you look at the data on your router and most of us can’t, but if you were able to, what you will see is hundreds of thousands of internet packets coming to, and from your.

[00:05:55] Router your endpoint every day. Usually these are bad guys doing what are called scans. They do port scans. They’re primarily looking for services. So what do you, do you have a firewall now in many cases, you’ll get a device from your Janette service provider that has a router built in and has a firewall built in, and it has wifi.

[00:06:19] All of this stuff, all built in together makes life all nice and warm and fuzzy and Catalina, doesn’t it. But in reality, it’s not necessarily a good thing to have it all in one, because you’re definitely not going to get the best of breed and router or firewall or wifi, but that’s a different story. What is that firewall for that router?

[00:06:41] Of course, it’s getting all this internet traffic and anything that’s on the internet that is. I’m trying to get to you is going to go through the. And anything that you are trying to send up to the internet, like for instance, to try and get a web page or something is also going to go up through that router.

[00:07:02] So how do you protect yourself time? Was that there wasn’t really much of a way to protect yourself. And frankly, there weren’t a lot of reasons. To try and protect yourself. And the internet was just this wonderful open thing, lots of fun and played around a lot. Back in the early nineties, it was, it was just a joy in the late eighties to, to be connected up to the internet and then bad guys started doing bad things.

[00:07:30] We took the concept of what you have in an automobile and applied it to the. If you’re driving your car, your in the passenger compartment and that passenger compartment is hopefully warm in the winter and cool in the summertime. And you are protected from that big mean nasty engine that’s in front of you, or if you’re driving an electric car from those mean nasty batteries that are probably below you in that car and what’s between you and the.

[00:08:04] Of course a firewall. And the idea is to keep the nastiness of that engine, all of the heat, the oil, the grime, the wind, everything else is associated with that engine. Keep that away from you so that you can now drive that car just comfortably in that controlled climate of the passenger compartment, that concept was then applied to the inter.

[00:08:30] And in fact, I designed and implemented one of the first firewalls ever made way back when and the firewall in the internet Partland is very similar to the car in the car. You have some protrusions through that fire. Don’t you, you you’ve got a steering wheel. How does that get up to the front of the car?

[00:08:53] Well, it goes through the firewall and around that steering wheel, of course there’s some EBDM, some rubber type stuff that helps stop anything from coming through right next to that steering column. Same, thing’s true with the brake pedal and the gas pedal. At least it used to be. Nowadays, it’s so much of this as drive by wire, that the only thing going through the firewall is a wire and there’s no mechanical linkage.

[00:09:24] Unlike my car, which is a 1980 Mercedes-Benz diesel. Where yes, indeed. Direct linkages to everything. So the firewall in the cars protecting you from the nastiness in the engine compartment and the firewall, when it comes to your internet is doing something very similar. Think about your house for a minute, you have a house with doors and windows.

[00:09:53] I would hope. And a chimney and maybe a couple of other protrusions that are going outside of the house. Well, you have some similar problems and when it comes to the internet and when it comes to the firewall, With your house, sir. Sure. You could post a guard out front, a whole series of them. You’ve got a dozen guards out front and they are all guarding that front door.

[00:10:19] But if no, one’s watching the back door, if no one’s paying attention to the windows, there’s still ways for the bad guys to get in. And that’s what we’re going to talk about. How does the internet firewall tie into this analogy of cars and the analogy of your home? Because it’s a very important point when you get right down to it.

[00:10:44] We need to understand this because the number one tactic reported this week by MITRE and Cisco is exploitation of public facing application. So I’m going to explain what that is. What’s your firewall can do for you and what you should do for your firewall. A stick around. We’ve got a lot more coming up.

[00:11:09] I want to invite you to go. Of course, right now, online to Craig peterson.com. Once you’re there, just sign up for mind’s newsletter. Simple Craig peterson.com.

[00:11:25] This week, we found out what the top five tactics are that are most frequently being used by bad guys to attack us. This is done by MITRE and Cisco systems. Number one, public facing applications. What does that mean?

[00:11:42] We’ve been talking about this report, but really what we’ve been delving into is how data flows on your network, whether it’s a home network or maybe it’s a business network, how does this whole mess work?

[00:11:58] And when miters talks about the biggest problem here, 91% of the time being what’s called an exploit of a public facing application, what does that mean? We went through the basics of a firewall and a router. So all of the data coming from the internet, coming into the router, then handed to the firewall.

[00:12:24] Any data going out, goes into the firewall. And then the. So that’s the pretty simplistic version. And of course the firewall on your network does a similar thing to the firewall in your car. It stops the bad stuff, at least it’s supposed to, but your home and your car both have different ways of getting.

[00:12:48] Past the firewall in the house. It’s your doors and your windows in the car. Of course, it’s where the steering column goes through where the brake pedal and the gas pedal go through the clutch, all of that stuff that perch, um, permeates, it goes through. That firewall. And of course, you’ve probably, if you’re been around for awhile, you’ve had leaks coming through your firewall and, uh, you know, how poorest they can be sometimes.

[00:13:18] Well, we have the same type of thing on our internet firewalls. Every home has doors and what we call the doors in on the internet is similar to what they call them. On the, in the Navy, on the water, the reports. So think about a porthole in a boat, or think about a, a door, a port, which is the French word for door.

[00:13:45] What happens on the internet? For instance, if you’re trying to connect to Craig peterson.com, you are going to connect to a specific port on my server. So the address typically, uh, is going to be resolved by DNS. And then once it gets to the server, you can connect to port 4 43. You might try and connect to port 80, but I’ll do a redirect, but that’s neither here nor there.

[00:14:12] So you’re going to connect to that port four 40. So my firewall has to say, Hey, if somebody is coming in and wants to get to port 4 43, which is called a well-known port, that’s the port that all web server. Listen on. So if someone’s trying to get to my port, my web server on port 4 43, let them in. But if someone’s trying to get to another port, don’t let them in.

[00:14:48] Now there’s multiple ways to respond or not respond. I can talk about that right now. That’d be for deep dive workshop, but the idea is. Each application that you are connecting to, or that your providing has. Part of the problem that we’ve been seen. And this is a very big problem is that people are not changing the administrative passwords on their machines.

[00:15:20] So administrative passwords mean things like admin for the username and admin for the password on your firewall. So. Your firewall, if you have what’s called when admin enabled, what that means is someone on the wide area network. In other words, The internet, someone on the internet or on the, when can connect to your firewall and control it.

[00:15:51] This is, as you can imagine, a very big thing, and it is something that we cover in one of our workshops, explained it all and all of the details and what to do, but most businesses and most people have not properly configured their firewalls. When we’re talking about number one, problem, 91% of the time being an exploit against public facing applications.

[00:16:18] What that means is they could very well just be trying to connect to the administrative interface on your firewall. Unfortunately, they will often offer. Change the software on your firewall. So they won’t just reconfigure. They’ll just change it entirely. And they’ll do all kinds of evil things. Again, we’re not going to get into all of that and what to look for and what can happen.

[00:16:44] But number one thing everybody’s got to do, and I saw some stats this week as well, that made me want to bring the. Most people and most businesses about two thirds have not changed the default passwords on the hardware that they have. Now it can understand sometimes the kids confusing. No question about.

[00:17:07] But if you don’t change the password on something that’s public facing, in other words, something that can be reached from the internet or again, the wide area network. I know there’s a lot of terms for this, but something that someone else can get at from outside your network. And it’s the default password like admin admin, you could be in a whole lot of.

[00:17:35] So check that right now, please double check that triple check that because even if you have a router from a big internet service provider, again, like the Comcast Verizon’s, et cetera of the world, they will almost always have it set up. So you can change that administrative password and Jewish. Now I, again, for clients, I have some different advice than I have for, for just regular users, but make sure you change that.

[00:18:09] And here’s the second part of the problem. What happens if you have a business and let’s say you’re not hosting your own website, like I’ve been doing for a couple of decades and how three 30 years, I guess now. Um, and so you’ve got your website hosted at some. Web height site, hosting place, you know, Gator or one eye and one eye and one or GoDaddy or whatever.

[00:18:35] Okay. So, okay. That’s fine. So let’s not inside our network. Uh, w we don’t worry about the security because that’s the vendor’s problem. Now we’re talking about, okay, what happens. My users who need to work from home. This gets to be a very big problem for so many people, because work from home is important.

[00:19:00] So what are you going to do? Well, basically in most cases, unfortunately, businesses are just exposing an application to the internet. So they might, they might. Terribly configured networks, where there is a direct connection that goes right to the files. So you connect to a port on their firewall and it immediately redirects it internally.

[00:19:30] Remaps it to the file server. And some people are really, really clever. Alright. Or so they think, because what they’ll do is they’ll say, okay, well, you know, that, that normal port number. Okay. So I’m going to move. Port number. So you’re going to connect to port 17, 17 on my firewall, and it’s going to connect you to the file share on my file server so that people from home can just connect to port 17, 17, and ta-da, there are all the files and yeah, we’re, we’re using passwords, so it’ll be okay.

[00:20:06] It’ll be fine. Um, but, uh, guess what it isn’t for a few. Different reasons are we’re going to be talking about those here in just a minute. Yeah, I want to encourage you right now. Take a minute. Go online. Craig peterson.com. You’ll find lots of information there. I’ve got 3,500 articles, all searchable, Craig peterson.com.

[00:20:32] But more importantly, make sure you sign up for my newsletter. Craig peterson.com/subscribe. So that you can keep up to date on everything that is important in all of our lives.

[00:20:51] We’re talking about firewalls at home at the office, what it means to have public facing services, really applications, people working from home. How can you make it easy for them and hard for the bad guy?

[00:21:15] Many businesses had to quickly change the way their computers were set up because of course the lockdown and people working from home.

[00:21:26] And, um, unfortunately. Many mistakes were made. And some of this, in fact, I’m going to talk a lot of this problem up to these managed services providers break, fix shops. My, my fellow information technology contractors, if you will, because they didn’t know any. Most of these people have been computer people, their whole lives, right.

[00:21:55] They played with PCs when they were young and they might’ve taken a course or two and wow. MCSC certified. Believe me, this is not something that a straight up MCSC or. And frankly, most of the it certifications can really understand or really handle the cybersecurity can be done, but there’s so many things they overlook just like what I was just talking about, exposing a file server directly to the internet.

[00:22:29] I mentioned, okay. While they thought it was going to be safe because there’s a username and password, but there’s a couple of huge problems here. Problem. Number one. When you’re exposing a service to the internet, like for instance, the files server, you are exposing software that may have exploitable, but.

[00:22:54] And again, going back to those stats from earlier this week, more than half of all of the systems that are out there are not patched to date. It’s so bad that president Biden just ordered the federal government agencies to apply patches some as old as three years. So what happens now? Well, the bad guy scan, and guess what they found.

[00:23:23] Port that you thought was just so clever because it wasn’t the standard port number for that service. Maybe it’s SMB or CIFS or something else. And, uh, they found it because they scan, they look, they see what the response is that tells them what type of a server sitting there. And then they try, well, let me see.

[00:23:45] There’s the zero day exploits, but why bother with those? Let’s just start with the good old standard ones. And unfortunately, because so many machines are not patched up at all, let alone properly patched up. You, they end up getting into the machine. It’s really that simple, just because it’s not patched up.

[00:24:08] How does that sound? Huh? Yeah, it’s just plain, not patched up. It’s not available for anyone to be able to use anybody to be able to access. Right. It there it’s not restricted. So the passwords don’t matter if you haven’t patched your systems. And then the second problem is that. Are brute force attacks against so many servers out there.

[00:24:36] And most of the time, what we’re talking about is Microsoft, but, you know, there’s the share of bugs kind of goes around, but Microsoft and really, they get nailed a lot more than most beet, mainly because they’re probably the number one out there that’s in use today, not in the server community, certainly, but certainly also in the.

[00:24:59] It’s been, you know, small businesses, that’s all they know. So they just run a Microsoft server and more and more, you kind of have to run it because I, I get it. You know, there’s so many apps that depend on the various functions that are provided by the active directory server at Microsoft and stuff. So we, we do that for our customers as well.

[00:25:19] So are you starting to see why the brute force against a server will often get them in and the smarter guys figure out what the business is? And then they go to the dark web and they look up those business emails. Addresses that they have that have been stolen along with the passwords that were used.

[00:25:43] That’s why we keep saying, use a different password on every site because that stolen password now. Is going to be tried against your service, your, your file server. That might be there. You might be trying to have a VPN service that the people are VPN in from home. You might have remote desktop, which has been.

[00:26:08] Abject failure when it comes to cybersecurity, it’s just been absolutely terrible. So you might have any of those types of things. And if they’ve got your email address and they’ve got the passwords you’ve used on other sites, which they’ve stolen and they try them, are they going to work? Odds are yes, because most people, I got another set of stats this week.

[00:26:36] Most people use the same password for every site out there or every type of site. So they might get a second, most common is they use one password for all of their social media sites. They use another one for all of their banking sites. So we cover this in some depth in our bootcamp so that you understand how to do the whole password thing.

[00:27:03] And what I recommend is a piece of software called one password. I don’t recommend that you just use one password for everything. I was misunderstood by someone the other day. You mean just w w I use one password for everything. Yeah, you do. And then I talked to them a little bit more because I thought that was an odd question.

[00:27:24] And it turned out, he was thinking, you just have the one password, like, like, you know, P at sign SSW, zero RD. Right? You use that everywhere. No, there’s a piece of software go to one password.com. That’s what I recommend as a password manager. And I show you how to use that and how to use it effectively in my bootcamp.

[00:27:48] Absolutely free. Just like the radio is free. I’m trying to get the information out to as many people as possible, but you gotta be on my list. Craig peterson.com. Make sure you go there. So I’ve explained the basics here of what happens. We have a door open or windows, open ports on our servers, on our firewalls at home.

[00:28:15] And at work. So the thing to do, particularly if you’re a business, but even if your home user is check that firewall configuration. And let me tell you something that probably won’t come as a surprise. Most of these internet server. The providers are in the business to make as much money as possible. And cybersecurity is very much secondary.

[00:28:40] They know they talk about it and they talk about software defined networks and things that sound really cool. But in reality, what they give you is. Configured very well and is going to expose you. So make sure you go in, they will set it up. For instance, if they’re providing you with television services, they’ll set it up so that they can just bypass your firewall and get into the cable box that they installed in your house.

[00:29:09] Yeah. Obviously that’s not something they should be doing because now they are opening you up to attack. What happens when there’s a cybersecurity problem with the cable box? We’ve seen this problem too, with television vendors where they poke a hole out through your firewall so that they can then gather statistics and do firmer updates and everything else.

[00:29:34] It’s insane. It really is. These vendors are not thinking about you. They’re not thinking about the consequences. It is a very, very sad situation, but now you know what to do and how to do it. Okay. I explained today, firewalls. I explained router. I explained ports, which should be open, which should not be open.

[00:29:58] And the reasons why I even mentioned passwords, I get into that in a lot of detail in my bootcamp, Craig peterson.com to get on that waiting list. Craig peterson.com, just subscribe and you’ll be kept up to date.

[00:30:14] There has been a whole lot of discussion lately about Metta. You might’ve heard. In fact, you probably did that. Facebook changed its name to Metta and they’re aiming for something called the metaverse. So what is it exactly and what’s it going to do for or to you?

[00:30:32] The metaverse oh my gosh. I had a great discussion this week about the metaverse this came out in, um, and originally anyways, in this novel called the what was it now?

[00:30:47] A snow crash. That’s what it was 1992, Neil. Stevenson or Steffenson. I’m not sure how he pronounces it, but in this book, which was a cyberpunk model and I’ve, I’ve always thought cyber punk was cool. Uh, is the metal versus an imaginary place that’s made available to the public over the world wide fiber optics network.

[00:31:13] And it’s projected onto virtual reality goggles sound familiar yet. And in the. You can build a buildings park signs as well as things that do not exist. In reality, such as vast hovering overhead light show, special neighborhoods were three where the rules of three-dimensional spacetime are ignored and free combat zones where people can go hunt and kill each other.

[00:31:42] Great article about this in ARS Technica this week. And, uh, that was a little quote from the book and from the article. Phenomenal idea. Well, if you have read or seen the movie ready player one, and I have seen the movie, but a friend of mine this week said the book is so much better. So I’m going to have to read that book, ready player one.

[00:32:06] But in it, you have these people living in. Dystopian future where everything is badly worn down, the mega cities, people building on top of each other and they get their entertainment and relaxation and even make money in. Prison time by being inside this virtual world, they can go anywhere, do anything and play games, or just have fun.

[00:32:39] One of the vendors that we work with at my company mainstream has this kind of a virtual reality thing for. I kind of a summit, so people can go and watch this presentation and I think it’s stupid, but they, you walk in. And it’s, uh, this is just on a screen. They’re not using like those Oculus 3d graph glasses, but you walk into an auditorium.

[00:33:13] So you’ve got to make your little avatar walked on. Dun dun, dun dun, dun, dun, dun, dun, dun, and then go to an empty seat. And then you have to make your avatar sit down. Right? I, I have never played a game like this. I never played second life. Never any of that sort of thing. It was kind of crazy to me. And then I was doing a presentation, so I had to go Dundon then, then, then the, up onto the rostrum there and stand behind the podium and, and then put my slides up on this virtual screen.

[00:33:49] It was ridiculous. I have a full television production studio here in my, in my lab. Right. And that’s, this is where I do the radio show. This is where I do my television appearances. This is where I do pretty much everything. Right. And so what I can do is I can split screen with my face, with the desktop.

[00:34:12] You can see my desktop, I can draw on it, circle things, highlight things or whatever I want to do. Right. But no, no, no, no. I was in their virtual reality. And so all I could do is. I have the slides come up. In fact, I had prepared beforehand, pre-taped it? A, the whole presentation, but I couldn’t play that video.

[00:34:37] No, no, no. I had to show a slide deck, you know, death by PowerPoint. I’m sure you’ve been there before. It’s very, very frustrating in case you can tell for me, well, we’ve seen this type of thing. I mentioned some of the things like that. I’m in second life. I’m sure you’ve heard of that before. Sims is another one you’ve probably heard of before.

[00:35:01] These types of semi metaverses have been around a very long time. And, and in fact, all the way on back to the nineties is Habbo hotel. G I don’t know if you ever heard of that thing, but it was non-line gaming and social space. I helped to develop one for a client of mine back in the early nineties.

[00:35:23] Didn’t really go very far. I think it was ahead of its time. It’s it’s interesting right now, enter. Mark Zuckerberg. Do you remember a few years ago, mark Zuckerberg had a presentation. He was going to make this huge announcement, right? They bought Oculus. What was it? It was like crazy amount of money. And then he came in the back of the hall.

[00:35:50] And nobody noticed he walked all the way up to the front and nobody even saw him because they were all wearing these 3d glasses. And of course, today they are huge. They are awkward and they don’t look that great, the pictures inside, but the idea is you can move your head around and the figures move as your head moves, almost like you’re in the real world.

[00:36:13] And that’s kind of cool and people thought it was kind of cool and they didn’t see Zuckerberg because they all had these things on. And the inside was playing a little presentation about what Facebook was going to do with Oculus. Well, they just killed off the Oculus name anyways here a couple of weeks ago, over at Facebook about the same time that got rid of the Facebook name and went to meta.

[00:36:39] The Facebook product is so-called Facebook and it appears what they are going to be doing is taking the concept of a metaverse much, much further than anyone has ever taken it before. They’re planning on there’s speculation here. Okay. So, you know, don’t obviously I don’t get invested. I don’t give investment advice, investment advice.

[00:37:10] Um, but I do talk about technology and, uh, I’ve been usually five to 10 years. I had so take that as well. They as the grain of salt, but I think what they’re planning on doing is Facebook wants to become the foundation for Mehta versus think about things like world of Warcraft, where you’ve got the. Gain that people are playing.

[00:37:39] And it’s a virtual reality, basically, right? It might be two D, but some of it’s moving into the three-dimensional world. Other games like Minecraft and roadblocks, they have some pretty simple building blocks that people can use network effects and play your creativity to make your little world and the ability.

[00:38:04] To exchange and or sell your virtual property. That’s where I think Mr. Zuckerberg is getting really interested now because if they can build the platform that everybody else the wants to have a virtual world builds their virtual world on top of. Man, do they have a moneymaker? Now? People like me, we’re going to look at this and just poo poo it.

[00:38:35] I I’m sure I’m absolutely sure, because it will be another 20 years before you really think it’s. You know, some of these scifi shows have talked about it. You know, you can feel someone touching you, et cetera, et cetera. Yeah. That’s going to be very crude for a very long time. And now CGI is pretty good.

[00:38:57] Yeah. You watch the movies. CGI is great, but that takes weeks worth of rendering time on huge farms, clusters of servers. So it’s going to take quite a while. Looking at the normal advancement of technology before this really becomes real. Now there have also been us court cases over who owns what in bad happened with Eve online.

[00:39:28] Second life where disagreements over player ownership of the virtual land created by the publisher, which was Linden labs. When. And I’ve also mentioned in the past how our friends over at the IRS have tried to tax some of the land that you own inside these virtual worlds. So ownership, do you really own it?

[00:39:55] Does it really exist? What would non fungible tokens maybe it does. And these non fungible tokens are. Basically just a check, some verification, I’m really oversimplifying of some sort of a digital something rather lately. And initially it was mostly pictures. And so you had a picture of something and you owned that and you could prove it because of the blockchain behind it.

[00:40:27] But I think this is where he’s really interested because if he can build the base platform. Let the developers come up with the rules of what’s it called it a game and come up with what the properties look like and how people can trade them and sell them and what kind of upgrades they can get. Right.

[00:40:48] So let’s nothing Zuckerberg has to worry about. Uh, Metta or Zuckerberg then worries about, okay. So how do we collect money for these? How do we check with the transactions? Uh, somebody wants to buy those sort of Damocles. How does that transaction work and how do we Facebook Metta? How do we get a slice of the act?

[00:41:16] You got to believe that that’s where things are going. And if they have the ability to make this base platform and be able to take characters from one part of a developer to another part of the developer, you could have worlds where Gandalf might be fighting bugs bunny. Right? Interesting. Interesting and Warner brothers, all these movie companies would probably be coming out with complete virtual reality.

[00:41:49] So when you’re watching James Bond, you’re not just watching James Bond, you can look around, you can see what’s happening. People sneaking up behind. And ultimately you could be James Bond, but that’s decades away. I think a good 20 years. All right, everybody. Thanks for sticking around here. Make sure you go online.

[00:42:11] Craig peterson.com/subscribe. Get my weekly newsletter. Find out about these free boot camps and other things that I have. So we can keep you up to date and keep you safe.

[00:42:25] We already talked about Metta and their name, change the metaverse, but there’s something else. Facebook did this last week that surprised a lot of users, something they started in 2010, but has been controversial ever since.

[00:42:41] We had a pretty big announcement, frankly, this last week from our friends over at Facebook, not the one where they change their name and the.

[00:42:51] Basically trying to create a metaverse platform. That’s going to be the one platform that rules the world. Although those are my words by the way. But Facebook has announced plans now to shut down a decade old. Facial recognition system this month. We’ll see what they do with this. If they follow through entirely, but they’re planning on deleting over 1 billion faces that they have already gone through and analyzed.

[00:43:26] You might remember. In 2010, Facebook had a brand new feature. It started announcing, Hey, did you know that so-and-so just posted your picture? Is this you? Is this your friend, is this sewn? So do you remember all of those questions? If you’re a Facebook user back in the day? Well, they were automatically identifying people who appeared in digital photos and suggested that users or users tagged them with a click we’re going to get to and admitted here.

[00:43:57] Uh, and of course that then linked the Facebook account for. The picture that you tagged to the images and let that person know. And of course Facebook’s ultimate goal is to get you to stay on long, as long online, as long as possible. Because if you’re online, you are going to be looking at ads that are aimed primarily at.

[00:44:18] Well, facial recognition has been a problem. We’ve seen it a worldwide. I just read through a restatement from the electronic frontier foundation, talking about facial recognition and the problems with it, how some people have been arrested based on facial recognition and held for over a day. We’ll have cases where the police use to kind of a crummy photograph of them from a surveillance video sometimes also from a police car, in some areas, the police cars are continually taking video and uploading it to the internet, looking for things like license plates, to see if a car.

[00:45:00] Parking ticket that hasn’t been paid or it hasn’t paid us registration all the way through looking at faces, who is this person? And some in law enforcement have kind of thought it would be great to have kind of like Robocop. You remember Robocop, not the ed 2 0 9. There was also in that movie. That’s also very scary, but when they look at someone who’s on a street at autonomous.

[00:45:24] Pops up in their glasses, who it is, any criminal record, if there any sort of a threat to et cetera. And I can understand that from the policemen standpoint. And I interviewed out at the consumer electronic show, a manufacturer of. That technology, it was kind of big and bulky at the time. This was probably about six or eight years ago, but nowadays you’re talking about something that’s kind of Google glass size, although that’s kind of gone by the wayside too.

[00:45:54] There are others that are out there that you. Facial recognition. Technology has really advanced in its ability to identify people, but you still get false positives and false negatives. And that’s where part of the problem becomes from they have been taking and they been private companies primarily, but also some government agencies they’ve been taking pictures from.

[00:46:21] They can find them. We’ve talked about Clearview AI before this is a company that literally stole pitchers, that it could get off the internet. They scan through Facebook, Instagram, everywhere. They could find faces and they tied it all back in. They did facial recognition. On all of those photos that they had taken and then sold the data to law enforcement agencies.

[00:46:49] There’s an app you can get from Clearview AI. That runs on your smartphone and you can take a picture of someone in the street, clear view. AI will run that face through their database and we’ll tell you who it is, what their, what their background is, where their LinkedIn page is their Facebook page, wherever it found them online.

[00:47:13] Basically what they’ve been doing. Now Clearview had a problem here this last couple of weeks because the Australian government ordered them to delete all facial recognition, data belonging, to anyone that lives. In Australia. Now that’s going to be a bit of a problem for clear view, because it’s hard to identify exactly where people live just based on a photograph.

[00:47:40] And the United Kingdom is also considering doing this exact same thing. Now, clear views have been sued. They violated the terms of service from Facebook and some of these other sites that I mentioned, but they did it anyway. And clear view was. To destroy all the facial images and facial templates they had retrieved about any Australian.

[00:48:08] I think that’s probably a pretty good idea. I don’t like the idea of this data being out there. Well, if your password is stolen and we’re going to be talking about that in our bootcamp, coming up here in a couple of weeks about how to determine if your username or your password is stolen. But, uh, and of course, if you want to get that.

[00:48:29] Bootcamp and go to that. There’s no charge for it, but you have to know about it. And the only way is to sign up. You have to make sure you’re on my email list@craigpeterson.com. But what happens when your email address is stolen or your password, or both are stolen from a web. Oh, typically they end up on the dark web.

[00:48:50] They sell personal identification for very little money. In some cases it’s only a few dollars per thousand people’s identities. It is absolutely crazy. So the bad guys are looking for that information, but you can change your password. You can change your email address, but if your facial information is stolen, Can’t change your face.

[00:49:18] If your eye print is stolen, you can’t change your eye. I have a friend who’s pretty excited because he got to go right through the security at the airport ever so quickly. Cause all they had to do was scan his eyeball. Well, that data is valuable data because it cannot be changed. And it can, in some cases be replicated.

[00:49:41] In fact, the department of Homeland security and the transportation safety administration had the database of face print stolen from them in 2019. To about 200,000 people’s identities were stolen, the face sprints. It’s just absolutely crazy. And this was some, a vendor of us customs and border protection.

[00:50:05] And it, it, you can’t write down to it. I read the detailed report on it just now. And the report that came out of the federal government said, well, it went to a contractor who. Took the data, all of the face prints off site over to their own site. And it wasn’t encrypted when they took it over there. But it does mention that it was taken from an un-encrypted system at customs and border protection.

[00:50:34] So wait a minute. Now you’re blaming the contractor that you hired because it wasn’t encrypted and yet you didn’t encrypt it yourself either. I, you know, I guess that kind of goes around, but they want to. They want your biometric information just as much as they want anything else. Think about your phones.

[00:50:53] Nowadays, apple has done a very good job with the biometrics and the fingerprints and making sure that that information is only ever stored on the phone. It never goes to apple, never leaves the phone it’s in what apple calls, the secure long term. And if you mess with it at all, it destroys itself, which is part of the problem with replacing a cracked screen yourself on an iPhone, because you’re going to disturb that secure enclave and the phone will no longer work.

[00:51:24] That is not true when it comes to many other devices, including most of your Android phones that are out there. It is. So if the bad guys have. Your face print, they, and they can create 3d models that can and do in fact, go ahead and fool it into letting you in that that’s information they want. So why are we allowing these companies to like clear view AI?

[00:51:52] And others to buy our driver’s license photos to the federal government, to also by the way, by our driver’s license photos, by them from other sites and also our passport information. It’s getting kind of scary, especially when you look into. China has a social credit system. And the Biden administration has made rumblings about the same here in the U S but in China, what they’re doing is they have cameras all over the place and your faces.

[00:52:27] And they can identify you. So if you jaywalk, they take so many points off of your social credit. If you don’t do something that they want you to do or be somewhere, they want you to be, you lose credits again, and you can gain them as well by doing various things that the government wants you to do. And.

[00:52:49] And ultimately, if you don’t have enough social credit, you can’t even get on a train to get to work. But the real bad part are the users. This is a minority in China and China’s authorities are using. Us facial recognition, technology and artificial intelligence technology. Hey, thanks Google for moving your artificial intelligence lab to China in order to control and track the users.

[00:53:19] Absolutely amazing in the United States law enforcement is using this type of software to aid policing, and we’ve already seen problems of overreach and mistaken IRS. So Facebook to you’re leading a billion of these frameworks. If you will, of people’s faces biometrics. Good for them. Hopefully this will continue a tread elsewhere.

[00:53:46] Well, we’ve talked a little bit today about firewalls, what they do, how your network is set up. If you miss that, make sure you catch up online. My podcast@craigpeterson.com, but there’s a whole new term out there that is changing security.

[00:54:03] It’s difficult to set up a secure network.

[00:54:07] Let’s just say mostly secure because if there’s a power plug going into it, there’s probably a security issue, but it’s difficult to do that. And historically, what we’ve done is we’ve segmented the networks. So we have various devices that. Maybe be a little more harmful and on one network, other devices at a different level of security and many businesses that we’ve worked with, we have five different networks each with its own level of secure.

[00:54:38] And in order to get from one part of the network, for instance, let’s say you’re an accounting and you want to get to the accounting file server. We make sure your machine is allowed access at the network level. And then obviously on top of that, you’ve got usernames and passwords. Maybe you’ve got multifactor authentication or something else.

[00:54:59] I’ll make sense, doesn’t it? Well, the new move today is to kind of move away from that somewhat. And instead of having a machine or a network have firewall rules to get to a different network or different machine within an organization. There’s something called zero trust. So again, think of it. You’ve, you’ve got a network that just has salespeople on it.

[00:55:25] You have another network that might have just your accounting people. Another network has your administrative people and other network has your software developers, et cetera. So all of these networks are separate from each other and they’re all firewalled from each other. So that only for instance, at county people can get to the accounting server.

[00:55:44] Okay, et cetera. Right? The sales guys can enter the sales data and the programmers can get at their programs. And maybe the servers that are running their virtual machines are doing testing on what was zero trust. It is substantially different. What they’re doing with zero trust is assuming that you always have to be authentic.

[00:56:11] So instead of traditional security, where, where you’re coming from helps to determine your level of access, you are assuming that basically no units of trust. So I don’t care where you’re coming from. If you are on a machine in the accounting department, We want to verify a lot of other information before we grant you access.

[00:56:38] So that information probably does include what network you’re on. Probably does include the machine you’re on, but it’s going to all. You as a user. So you’re going to have a username. You’re going to have an ID. You’re going to have a multi-factor authentication. And then we’re going to know specifically what your job is and what you need to have specific access.

[00:57:04] Because this follows the overall principle of least privilege to get your job done. Now you might’ve thought in the past that, oh my gosh, these firewalls, they’re just so annoying. It’s just so difficult to be able to do anything right. Well, zero trust is really going to get your attention. If that’s what you’ve been saying.

[00:57:23] But here’s an example of the traditional security approach. If you’re in the office, you get access to the full network. Cause that’s pretty common, right? That’s not what we’ve been doing, but that’s pretty common where we have been kind of working in the middle between zero trust and this traditional you’re in the office.

[00:57:41] So you can potentially get it. Everything that’s on the off. And if you’re at home while all you have to do is access a specific portal, or as I’ve explained before, well, you are just connecting to an IP address in a hidden port, which won’t remain hidden for. So maybe in a traditional security approach, the bouncer checks your ID.

[00:58:08] You can go anywhere inside this club and it’s multi floor, right. But in a zero trust approach, getting into the club, having that bouncer look at your ID is only the first check, the bartender or the waiter. They also have to check your ID before you could be served. No matter where you are in the club and that’s kind of how they do it right now, though, they’ll make a mark on your hand or they’ll stamp it.

[00:58:35] And now they know, okay, this person cannot get a drink for instance. So think of it that way, where every resource that’s available inside the business independently checks whether or not you should have access to. This is the next level of security. It’s something that most businesses are starting to move towards.

[00:58:57] I’m talking about the bigger guys, the guys that have had to deal with cybersecurity for awhile, not just the people who have a small business, most small businesses have that flat network that. Again about right. The traditional security approach of all you’re in the office. So yeah, you can get at anything.

[00:59:15] It doesn’t matter. And then you, you have the sales guys walking out with your client list and who knows what else is going on? Think of Ferris, Bueller, where he was updating his grades and miss days at high school, from his home computer. And you’ve got an idea of why you might want to secure. You are network internally because of, again, those internal threats.

[00:59:40] So keep an eye out for it. If you’re looking to replace your network, obviously this is something that we’ve had a lot of experience with. Cisco is probably the best one out there for this, but there are a few other vendors that are pretty good. If you want to drop me an email, I’ll put together a list of some of the top tier zero.

[01:00:02] Providers so that you can look at those. I don’t have one right now, but I’d be glad to just email me M e@craigpeterson.com. We can point you in the right direction, but if you have an it person or department, or whether you outsource it to an MSP, a managed services provider, make sure you have the discussion with them about zero.

[01:00:28] Now, when I’m looking at security, I’m concerned about a bunch of things. So let me tell you something that Karen and I have been working on the last, oh man, few weeks. I mentioned the boot camp earlier in the show today. And one of the things that we’re going to do for those people that attend the bootcamp is I think incredible.

[01:00:49] This has taken Karen so much time to dig up. Once she’s done is she’s worked with me to figure out what are the things that you need to keep tabs on. Now, again, this is aimed primarily at businesses, but let me tell you, this is going to be great for home users as well. And we’ve put together this list of what you should be doing.

[01:01:15] About cybersecurity every week. And in fact, a couple of things that are daily, but every week, every month, every quarter, every six months and every year, it’s a full checklist. So you can take this and sit down with it and, you know, okay. So I have to do these things this week and this isn’t. Response to anything in particular, it does meet most requirements, but frankly, it’s something that every business should be doing when it comes to the cybersecurity.

[01:01:53] It includes things like passwords. Are they being done? Right? Did you do some training with your employees on fishing or a few other topics all the way on down to make sure you got some canned air and blew out the fan? In your workstations, you’d be amazed at how dirty they get. And he is the enemy of computers that makes them just fail much, much faster than, than 82, same thing with server.

[01:02:22] So it is everything. It is a lot of pages and it is just check she’d made it nice and big. Right. So even I can read it. But it’s little check marks that you can mark on doing while you’re going through it. So we’re doing some more work on that. She’s got the first couple of iterations done. We’re going to do a couple more, make sure it is completely what you would need in order to help keep your cyber security in.

[01:02:50] But the only way you’re going to get it is if you are in the BR the bootcamp absolutely free. So it was this list, or of course you won’t find out unless you are on my email list. Craig Peterson.com/subscribe.

[01:03:06] One of the questions I get asked pretty frequently has to do with artificial intelligence and robots. Where are we going? What are we going to see first? What is the technology that’s first going to get into our businesses and our homes.

[01:03:22] Artificial intelligence is something that isn’t even very well-defined there’s machine learning and there’s artificial intelligence.

[01:03:33] Some people put machine learning as a subset of artificial intelligence. Other people kind of mess around with it and do it the other way. I tend to think that artificial intelligence is kind of the top of the heap, if you will. And that machine learning is a little bit further down because machines can be programmed to learn.

[01:03:54] For instance, look at your robot, your eye robot cleans the floor, cleans the carpet. It moves around. It has sensors and it learned, Hey, I have to turn here. Now. I robot is actually pretty much randomly drew. But there are some other little vacuum robots that, that do learn the makeup of your house. The reason for the randomization is while chairs move people, move things, move.

[01:04:22] So trying to count on the house, being exactly the same every time isn’t isn’t exactly right. Uh, by the way, a lot of those little vacuums that are running around are also sending data about your house, up to the manufacturer in the. So they often will know how big the house is. They know where it’s located because you’re using the app for their robot.

[01:04:47] And that, of course it has access to GPS, et cetera, et cetera. Right. But where are we going? Obviously, the little by robot, the little vacuum does not need much intelligence to do what it’s doing, but one of the pursuits that we’ve had for. Really since the late nineties for 20, 25 years are what are called follower robots.

[01:05:13] And that’s when I think we’re going to start seeing much more frequently, it’s going to be kind of the first, um, I called it machine learning. They call it artificial intelligence who you really could argue either one of them, but there’s a little device called a Piaggio fast forward. And it is really kind of cool.

[01:05:34] Think of it almost like R2D2 or BB eight from star wars following you around. It’s frankly, a little hard to do. And I want to point out right now, a robot that came out, I think it was last year from Amazon is called the Astro robot. And you might remember Astro from the Jetsons and. This little robot was available in limited quantities.

[01:06:01] I’m looking at a picture of it right now. It, frankly, Astro is quite cute. It’s got two front wheels, one little toggle wheel in the back. It’s got cameras. It has a display that kind of makes it look like kids are face, has got two eyeballs on them. And the main idea behind this robot is that it will.

[01:06:23] Provide some protection for your home. So it has a telescoping camera and sensor that goes up out of its head up fairly high, probably about three or four feet up looking at this picture. And it walks around your one rolls around your home, scanning for things that are out of the normal listening for things like windows breaking there, there’s all kinds of security.

[01:06:50] That’s rolled into some of these. But it is a robot and it is kind of cool, but it’s not great. It’s not absolutely fantastic. Amazon’s dubbing the technology it’s using for Astro intelligent motion. So it’s using location and mapping data to make sure that Astro. Gets around without crashing into things.

[01:07:18] Unlike that little vacuum cleaner that you have, because if someone loves something on the floor that wasn’t there before, they don’t want to run over it, they don’t want to cause harm. They don’t want to run into your cats and dogs. And oh my maybe lions and bears too. But, uh, they’re also using this computer vision technology called visual ID and that is used.

[01:07:41] With facial recognition, drum roll, please, to recognize specific members of the family. So it’s kind of like the dog right in the house. It’s sitting there barking until it recognizes who you are, but Astro, in this case, Recognizes you and then provide you with messages and reminders can even bring you the remote or something else and you just drop it in the bin and off it goes.

[01:08:08] But what I am looking at now with this Piaggio fast forward, you might want to look it up online, cause it’s really. Cool is it does the following, like we’ve talked about here following you around and doing things, but it is really designed to change how people and goods are moving around. So there’s a couple of cool technologies along this line as well.

[01:08:35] That it’s not, aren’t just these little small things. You might’ve seen. Robots delivery robots. The Domino’s for instance, has been working on there’s another real cool one out there called a bird. And this is an autonomous driving power. Basically. It’s a kind of a four wheel ATV and it’s designed to move between the rows of fruit orchards in California or other places.

[01:09:01] So what you do to train this borough robot is you press a follow button on it. You start walking around the field or wherever you want it to go. It’s using, uh, some basic technology to follow you, cameras and computer vision, and it’s recording it with GPS and it memorizes the route at that point. Now it can ferry all of your goods.

[01:09:29] Around that path and communicate the path by the way to other burrow robots. So if you’re out doing harvesting or whether it’s apples out in the east coast, or maybe as I said out in California, you’ve got it. Helping you with some of the fruit orchards. It’s amazing. So this is going to be something that is going to save a lot of time and money, these things, by the way, way up to 500 pounds and it can carry as much as a half a ton.

[01:09:58] You might’ve seen some of the devices also from a company down in Boston, and I have thought that they were kind of creepy when, when you look at it, but the company’s called Boston dynamics and. They were just bought, I think it was Hondai the bought them trying to remember. And, uh, anyway, These are kind of, they have robots that kind of look like a dog and they have other robots that kind of look like a human and they can do a lot of different chores.

[01:10:33] The military has used them as have others to haul stuff. This one, this is like the little dog, it has four legs. So unlike a lot of these other robots that are on wheels, this thing can go over very, very. Terrain it can self write, et cetera. And they’re also using them for things like loading trucks and moving things around, um, kind of think of Ripley again, another science fiction tie, uh, where she’s loading the cargo in the bay of that spaceship.

[01:11:05] And she is inside a machine. That’s actually doing all of that heavy lifting now. Today, the technology, we have a can do all of that for us. So it is cool. Uh, I get kind of concerned when I see some of these things. Military robots are my favorite, especially when we’re talking about artificial intelligence, but expect the first thing for these to be doing is to be almost like a companion, helping us carry things around, go fetch things for us and in the business space.

[01:11:40] Go ahead and load up those trucks and haul that heavy stuff. So people aren’t hurting their backs. Pretty darn cool. Hey, I want to remind you if you would like to get some of the free training or you want some help with something the best place to start is Craig peterson.com. And if you want professional help, well, not the shrink type, but with cyber security.

[01:12:06] email me M E at Craig peterson.com.

[01:12:10] Just in time for the holidays, we have another scam out there and this one is really rather clever and is fooling a lot of people and is costing them, frankly, a whole lot of money.

[01:12:26] This is a very big cyber problem because it has been very effective. And although there have been efforts in place to try and stop it, they’ve still been able to kind of get ahead of it. There’s a great article on vice that’s in this week’s newsletter. In my show notes up on the website and it is talking about a call that came in to one of the writers, Lorenzo, B cherry, um, probably completely messy and that name up, but the call came in from.

[01:13:03] Supposedly right. Paid pals, uh, fraud prevention system. Someone apparently had tried to use his PayPal account to spend $58 and 82 cents. According to the automated voice on the line, PayPal needed to verify my identity to block the transfer. And here’s a quote from the call, uh, in order to secure your account, please enter the code we have sent to your mobile device.

[01:13:32] Now the voice said PayPal, sometimes texts, users, a code in order to protect their account. You know, I’ve said many times don’t use SMS, right? Text messages for multi-factor authentication. There are much better ways to do it. Uh, after entering a string of six digits, the voice said, thank you. Your account has been secured and this request has been blocked.

[01:13:57] Quote, again, don’t worry. If any payment has been charged your account, we will refund it within 24 to 48 hours. Your reference ID is 1 5 4 9 9 2 6. You may now hang up, but this call was actually. Hacker they’re using a type of bot is what they’re called. These are these automated robotic response systems that just dramatically streamlined the process for the hackers to gain access into your account.

[01:14:31] Particularly when you have multi-factor authentication codes where you’re using. An SMS messages, but it also works for other types of one-time passwords. For instance, I suggest to everybody and we use these with our clients that they should use something called one password.com. That’s really you’ll find them online.

[01:14:54] And one password.com allows you to use and create one time password, same thing with Google authenticator, same thing with Microsoft authenticator, they all have one-time password. So if a bad guy has found your email address and has found your password online in one of these hacks, how can they possibly get into your PayPal account or Amazon or Coinbase or apple pay or.

[01:15:26] Because you’ve got a one time password set up or SMS, right? Multifactor authentication of some sort. Well they’re full and people and absolute victims. Here’s what’s happening. Th this bot by the way, is great for bad guys that don’t have social engineering skills, social engineering skills, or when someone calls up and says, hi, I’m from it.

[01:15:51] And there’s a problem. And we’re going to be doing an upgrade on your Microsoft word account this weekend because of a bug or a security vulnerability. So what, what I need from you is I need to know what username you’re normally using so that I can upgrade the right. So we don’t, it doesn’t cost us a whole bunch by upgrading accounts that aren’t being used.

[01:16:15] So once the account name that you use on the computer and what’s the password, so we can get in and test it afterwards, that’s a social engineering type attack. That’s where someone calls on the phone, those tend to be pretty effective. But how about if you don’t speak English very well? At all frankly, or if you’re not good at tricking people by talking to them, well, this one is really great.

[01:16:44] Cause these bots only cost a few hundred bucks and anybody can get started using these bots to get around multi-factor authentication. See, here’s how it works. In order to break into someone’s account, they need your username, email address and password. Right? Well, I already said. Much many of those have been stolen.

[01:17:07] And in our boot camp coming up in a few weeks, we’re going to go through how you can find out if your username has been stolen and has been posted on the dark web and same thing for your password. Right? So that’s going to be part of the. Coming up that I’ll announce in the newsletter. Once we finished getting everything already for you guys, they also go ahead and buy what are called bank logs, which are login details from spammers who have already tricked you into giving away some of this information.

[01:17:41] But what if you have multi-factor authentication enabled something I’m always talking about, always telling you to do. Well, these bots work with platforms like Twilio, for instance, uh, and they are using other things as well, like slack, et cetera. And all the bad guy has to do with that point is going.

[01:18:07] And, uh, say, they’re trying to break into your account right now. So they’re going to, let’s get really, really specific TD bank. That’s where my daughter works. So let’s say you have a TD bank account. And the hacker has a good idea that you have a TD bank account knows it because they entered in your username and password and TD bank was letting them in.

[01:18:32] But TD bank sent you a text message with that six character code, right? It’s usually digits. It’s usually a number. So what happens then? So the bad guys says, okay, so it’s asking me for this six digit SMS code. I could hijack their phone, but that’s more work. How about this? So all they have to do is put the information into this channel for the bot.

[01:18:59] The bot picks it up, calls you with that message. You’ve picked up the phone. It’s supposedly PayPal or TD bank or whomever on the phone gives you a fake message of some sort, and then it asks you for. You’re two factor authentication code. It says we’re going to send you the code. Right? And so now you have the code because the bad guy tried to break into your account.

[01:19:30] And so you give the code to the robot, to the bot that’s on the phone. And guess what the bad guy now has. The bad guy now has the code that you entered, which is actually the code that he needed to put on to the bank’s website in order to get into your bank account. Yeah, it sounds a little bit, uh, complicated, but in reality, it’s pretty simple and it’s much simpler than they’ve been doing already, which has cost billions of dollars so far, according to the FBI.

[01:20:03] So besides sites like PayPal, Amazon Venmo, some of these bots are targeting specific banks, specifically bank of America and chase. And with others users can customize the automatically read. This as well. So there you go. Keep an eye out. Absolutely keep an eye out. And these sites that are being used in order to coordinate with the bots, they are keeping an eye out.

[01:20:29] They’re trying to shut them down very quickly. Uh, their names are out there. I’m not going to say them. I don’t want to give the bad guys a little, any more help and trying to find out what they are or where they are. Uh, Yeah, by the way, the pricing one month access to one of these bots right now is $540 lifetime access to one of these bots to cheat people out of the bank accounts, et cetera is 27 50.

[01:20:57] And the next day the price goes up. So it’s from 27 50, it goes up to $4,000. So they’re using pretty typical marketing techniques. Hey, before we go today, I got a couple more things I want to hit really quickly. One. The threat against our critical infrastructure is real. And we’ve talked before about the hackers going after the critical infrastructure and that’s bad enough in July of last year, according to wired magazine, uh, DJI.

[01:21:30] To drone. Now you’re familiar with those DJI. I think they’re the biggest drone manufacturer in the world. They’re Chinese company. We’ve had warnings from the, uh, the feds about using some of these things because they have been tracking where they are taking pictures and sending them back to the communists in.

[01:21:54] Yeah. Anyways, in this particular case, this drone was fit up with two, four foot long nylon ropes dangling from the rotors, a thick copper wire countered to the ends of those ropes with the electrical. The bad guys had removed any obviously identifiable markings. And that includes the onboard camera memory card, because of course your onboard, camera’s going to have a serial number, but guess what?

[01:22:26] Sodas. Parts of that device, including the drone itself. Uh, but anyways, the bad guys aren’t necessarily the smartest and they were trying to avoid detection we’re guessing here. Right. But it makes sense. And the operation, according to some security bulletins that I got from the FBI that was also put out by Homeland security in the national counter terrorism center was to do.

[01:22:56] Operations by creating a short circuit. So here comes this big drone Mo you know, fair-sized drone and it is approaching this substation. And you’ve seen those before with the transformers and the wires everywhere. And the plan is to get that cop. Piece of wire on top of a couple of these high, current lines and high voltage for the most part and short it out.

[01:23:26] And that short circuit is going to knock the power off. Well, I’m not going to get into the details of how our electrical grid works, but this device wouldn’t have done what the bad guys wanted to do. But even more, it crashed onto the roof of an adjacent building before it even reached to these substation.

[01:23:45] So there you go. They had removed the camera, so they really didn’t have any idea where it was. It was flying, they were watching it, but it got too far away and they totally messed it up. But there’s a potential. For consumer drones to wreck havoc. You might remember what happened in Venezuela and Venezuela.

[01:24:05] Back in 2018, there was an explosive Laden drone tried to assassinate the president last weekend in Iraq, three drones tried to assassinate the Iraqi prime minister last weekend. All right, have a great weekend and make sure you join me online. Craig peterson.com.

Listen to this episode

Malcare WordPress Security