On This Episode…
New Cyber Security Rules going into effect for the Federal Agencies next week.

Financial Accounts are going to be Hacked.  It is time to set up all your financial accounts like you are going to be hacked.

Infant Social Security Numbers are worth the most on the Dark Web — this is because they are unused for 10-15 years during which time someone can use their identity.

DOD Weapon System cybersecurity and how the DOD just isn’t grappling with the scale of these vulnerabilities.

Do you know what data you have?  If you don’t know what or where the sensitive data is, then how do you know what you need to protect? That is why it is important to have a Cyber Liability Assessment done.

The Importance of Changing and Managing Passwords can’t be stressed enough.

Have you guys heard about Deep fakes?  This is quite terrifying what the future of AI and fake news may bring.

Where was Microsoft’s QA department? Can you believe Microsoft released an update that deletes your documents folder?  They have pulled the Windows 10 update now.

Have you rented an Airbnb lately? Apparently there may be hidden cameras in your Airbnb rental.

Did you hear what students are willing to exchange for free coffee? Wow!  It is downright dangerous for them.

Craig is putting up a new insider site (yes, it is free, but you have to sign up). It will have all the special reports that he puts out, and you will be the first to get them.



Below is a rush transcript of this segment, it might contain errors.

Airing date: 10/13/2018

The Importance of Cyber Liability Assessments, Changing and Managing Passwords, Deep Fakes, Microsoft pulled the Windows 10 update, Digital IDs, Hidden cameras in your Airbnb rental, The danger of no Cash options at Coffee Shops

Craig Peterson: 0:00 Hey, Good Morning, everybody. Glad to have you here. We’ve had a very busy week. This week, we managed to do our three webinar series. Hopefully, you had a chance to attend. This as part of our master class, for small businesses, about security and the types of security things you need to be doing and paying attention to, kind of being careful of. So, if you didn’t get it, we will be having other little series as time goes on. And, you know, I keep trying to do this, maybe one a week, maybe less, maybe more. But you know, time will tell. So, keep an eye out, we’ll be doing more. We had a lot of great feedback. We’ve started doing some of these cyber liability assessments. Again, these are free things we’re doing for listeners of the show, and people who attended the webinar. So, that we can tell them where they’re starting. Isn’t that the biggest problem? How can you get to where you want to go, if you have no idea where you’re at, right. So, that’s the whole idea behind this cyber liability assessment. And those are underway, we just did one for one lady that was really quite a shocking, at least to her I’m sure, a listener to the radio show, where there was well over a million dollars in liability if the data got out. So, we’re thinking maybe one of the things we should do in the very near future is put together a little special report on how to keep that data safe. Especially, with the new regulations that are starting to go into place now. That is kind of following the whole GDPR thing over in Europe. So, that you know, the protection if you will, of your personal information. California already has them in place, they’re moving over to the federal side. And it looks like the Department of Homeland Security is going to be adopting those some going into effect next week. In fact, federal agencies are special, and want to be compliant already, but, apparently, about 50% of them is all that really is ready to comply. 
So, we will be talking about this as time goes on. Probably put together a little master class on some of that stuff. What you have to do in order to comply with these new regulations. We’ve already been doing some stuff for GDPR for those businesses that are trying to do stuff, internationally. So, today we are going to talk about some of the articles up on my website. We do curation every week in fact, it’s me going through a lot of articles hundreds of them every week, really we kind of skim through try and find the best. Some of the best this week that you’ll find up on the site, everything you should do before and after you lose your phone. I had a conversation this week with a gentleman who just two weeks ago got ransomware in his computer and ended up taking it into the local Geek Squad over at BestBuy trying to get them to fix a few things up. Hopefully, that’s all going to work out for him, but it really brought to mind that I’ve got to put together a little masterclass and special report on this very topic. How do you prepare yourself for the inevitable? And, that is one of our articles for today, let’s see if we can find that there’s so much stuff here. Election security is a mess. Microsoft pulled the Windows 10 update, the October update. and we’ll talk about that and why really bad news, frankly there. Digital IDs extra harmful here way worse than you might suppose. Finding hidden cameras in your Airbnb rental. No cash at this cafe – What students are doing in order to get free coffee?

3:48 Terrifying future. Deep fakes. Have you guys seen this article? It’s up on my website. Deep fakes 2.0, the terrifying future of AI and fake news.

3:59 Weapon System cybersecurity, The DOD, just isn’t grappling with the scale of their vulnerabilities. The breach that killed Google Plus, wasn’t a breach at all. I want to talk about this today. We’ll get into it a little bit of detail. But, what’s a breach? What’s a vulnerability and what’s in between? At what point do they have to report. Right now they have to report when they have a breach of personal information. Well, how about

4:25 if they don’t know if they’ve been breached? If they found and closed some sort of a

4:29 vulnerability. As I was just talking about. You’ll see this up on my website, as well. And this is how to set up your financial accounts like you are going to be hacked. Because you will be hacked, right. Isn’t that kind of the bottom line? Isn’t that what we’ve been finding. It’s it’s bad news, but it’s the news, right. It’s a real thing, frankly.

4:54 So let’s get into this now. Your financial accounts and what to do about it.

5:05 Now, you might want to spend a little time looking at this article up on my website. In the past week. And I’m talking about right now, October 2018. We have more reports about hacks. So, the big companies. Now the small companies, as I explained in the master classes this week, those free master classes. The small companies, we don’t hear about, because who cares, right. But bottom line, it’s a big deal. Well, in the past week alone, we’ve seen Experian, Facebook, and Google, have all had hacks. Now Google’s case and we’ll talk about this a little bit more, here but it’s kind of interesting because the hack happened seven months ago. And, that brings up some other privacy problems, but now you know there have been thousands of hacks over the last 12 months. It just continually going on. I mentioned a guy who was on my masterclass this week who was hacked. Who got ransomware. It’s it’s just absolutely crazy about how that all happens. So, I went through the anatomy of a hack and the Anatomy of an attack, just because what you got was a virus, for instance, and that infected your computer and spread to other computers, doesn’t mean it wasn’t a hack. A hack is kind of a broader term we’re starting to use. We’re using the term hack because of doxxing. Now doxxing made the news again this week and the reason doxxing hit the news again this week had to do with a couple, apparently here, of Senate staffers, Democrats Senate staffers who were getting the personal information the home phone numbers, etc. of congressmen who were voting for President Trump’s nomination to the Supreme Court Brett Kavanaugh. They were posting home phone number cell numbers addresses, everything information about the senator’s spouses about their kids. The just crazy stuff they were doing. By the way, yes indeed, they got arrested for all of that. But doxxing isn’t just reserved for democratic senate staffers. 
Doxxing is also used by the bad guys to find out information about you, about your family, so that they can then use that to manipulate you into doing something they want you to do. And that, as it turns out, has been a $12 billion dollar business over the last 24 months, according to the FBI. That is huge, huge money.

7:45 So, we know that hacking occurs. We know that we are getting targeted. Every week I help companies and even individuals who have been hacked and help them understand what’s going on, what to do about it. But, I much prefer this and in case you’re wondering, listening on the radio, I am doing this also online. If you go to my website, you can watch the video of me here on the air. But, at Craig Peterson dot com, of course. But this, why not set everything up in advance as though that cloud service, that vendor, that customer, is going to be hacked. Because the odds are, with thousands of breaches that they could be. This is based on an article from Shira Frankel over the New York Times, and she goes through it as well. This particular article I put up is from life hacker that sometimes has some excellent stuff. And this is one of those cases, starts with the obvious stuff. I had I think it was about 70 people this week, Text me asking for my password special report. Because we had this Facebook hack this week. I spent some time going through that during this week’s master class, I may try and post that up on my website. And I’ll let you know if that ends up going up. On how to tell if your Facebook account was hacked this last week or if it has been cloned or if there’s something else fishy going on with your Facebook account. So, we covered that in this week’s master class. But, if you really want to protect yourself, obviously change your passwords, and make sure you’re using a good Password Manager, pulling it all together. And if you did not get a copy of my special report on passwords. Where I go through everything about how to create them, how to choose a really good Password Manager for yourself for your business and how to use that. If you didn’t get that make sure you text me, just send me your name and email at 855-385-5553 you can just text me right there. 855-385-5553. 
So, number one, use a great day password, use something like LastPass or 1Password. We use 1Password, really great for businesses; LastPass has some great features as well. But I like 1Password with the integration to Duo, you know, two-factor authentication. So number two, make sure you check your credit report, look up your banking statements, maybe tie all of your accounts together or something like mint dot com. So, you can kind of keep track over all of this. And we had Mint’s CEO on the show some time ago. You’re going to want to freeze your credit too. Your kids, you know, nowadays they are issuing social security numbers when the child is born; the government wants to track them from day one. You know, back in the day we applied for them when we got our first job, right. Now you’re born, you get a social security number. One of the most valuable social security numbers out there is social security numbers of infants. Why infants? You might ask, why? Why would anybody care about an infant social security number? Well, the answer is actually rather straightforward. That infant is not going to notice the social security number has been stolen for what, 10-20 years. So, they have that period of time to misuse and abuse that social security number, maybe the name, the date of birth, all of that sort of stuff, but the date of birth, they can manipulate, right. They’re just going to lie about it. And now they have a way to work in the US and bank accounts and get all of this stuff. So, one of the things they’re advising is not only check your kid’s credit report but make sure you put a freeze on their accounts, as well, at the three main credit bureaus. Now, I mentioned, what was this, about a few weeks ago, that freezes are about to be free, thanks to a bill President Trump signed a number of months back. 
Those should be in place already, and double check with the credit agencies, but they should not be charging you for freezes or unfreezes anymore, which is actually a really good thing because Equifax didn’t seem to care, right, that they lost all of our personal information. And then kind of the last thing is two-factor authentication. If all you can do is two-factor authentication with your phone, getting a text message, okay, I get it. I understand. It’s complicated to do it with other devices. We have physical YubiKeys. We also have 1Password that we can use, and use that to do validation with one-time passwords, using 1Password. So all of that again, up on my website.

12:50 This next one that brings up some interesting questions. And this is about a breach that killed Google Plus. Now, you might remember Google Plus when everyone was worried, you don’t know it’s going to take over from Facebook, because Google Plus is a social network and well, Google’s behind it, right? So why would it not take over? Well, very few people ended up using Google Plus. And it turns out there was a major problem with the security on Google Plus. Now, this is where the interesting question comes in.

13:23 They had an API on Google Plus that could theoretically be used to access the personal information of as many as about a half a million users of Google Plus, actual hits. That’s probably the total number of users of Google Plus, there just weren’t very many of them. I had an account, but I never really used it. It never got traction,

13:44 right? They really never did.

13:47 So, this vulnerability would allow people to get in and get all this private information. But, there were only 432 people who ever registered to use the API on Google Plus. How’s that for a slap in the face for Google? You know, come on, guys, obviously, people just aren’t using your platform. So why keep it up? Well, about seven months ago, they found this vulnerability and they fixed it, in March of this year. Now, did you notice, they didn’t tell anybody? This vulnerability was never reported. Because the Google lawyers apparently looked at this. And this is a great article, from the Verge, that I put up on my website. But they apparently looked at it and said, the law requires us to report data thefts, data breaches. In this case, we don’t know if anyone used this API, this programming interface. We don’t know if anybody used it to steal personal information. Therefore, we’re not going to tell anybody about it. We’re just going to close the hole and not bother mentioning it. The Wall Street Journal found out about this when it got its hands on some memos. And that’s what got this particular ball rolling. So

15:14 what here? Where’s the

15:16 disconnect? What do you call something like this? Is it a bug? Is it a breach? Is it a vulnerability? The laws that are in place right now, and California has one of the strictest ones, none of them address this type of a problem. So, companies are kind of confused over what they have to tell regulators, what they have to tell their customers. Because, would you like to know that your data might have been lost?

15:47 You know a company doesn’t really want to tell you your data might have been

15:50 lost. Because, if your data might have been lost, you’re not going to be very happy with them. You know, we’re looking at statistics right now, that says, 60 plus percent, in some cases, as much as 80% of people do not want to do any business at all with a company that had a data breach. So, if you’re a small business, and you’re not sure if you had a data breach, because small businesses, how often do you have loggers in place, that track things like potential data breaches? potential data losses? Right? Small businesses don’t usually have those now, we’ve helped a lot of small businesses put those systems in place because they’re required to by law. So, depending on what business you’re in, you may or may not be mandated to have those systems in place. But, you probably don’t know if you were breached. And if you were breached, and you found out which, by the way, on average, is six months if you found out six months later, and could you tell them what was lost or what might have been lost. So, businesses are just keeping silent about all of this, understandably, right, because most people will not do business with you again if you lost their data.

17:05 So, that makes all you know, a lot of sense, I think you probably feel the same way as

17:09 I do. I wouldn’t want to be doing business with somebody that lost my personal private information. So, when we’re talking about this, as the Project Zero guys over at Google, they’re looking for zero-day attacks. We’ve got white hat bug hunters, who are out there looking to build the reputation. What, you know, Facebook just fell from grace, just a few weeks ago, 50 million-plus accounts were hacked, they were exposed. Look at what happened last week with, Did my account get hacked? I got this weird message. It said I should forward this and a friend did not accept my friend request, you know what’s going on right

17:55 Industry is still trying to figure it out. It’s yet another example of how we just I don’t have the laws to keep up with

18:03 the technology, nowadays,

18:05 right? I guess that shouldn’t be a surprise to anybody.

18:09 I’ve got to bring this one up. We’ve got a lot of weapons systems that are being developed, nowadays. I was reading some interesting stuff about World War Two technology and what was being done by the Germans and the Russians and others. And, you know, and it was very mechanical, right? The torpedoes back in the day had wires they ran all the way back to the submarine.

18:33 Interesting stuff. Today, wow, the Department of Defense now is trying to protect everything. We have some Department of Defense sub-subcontractors, as clients trying to help them out these huge reports they have to do. The training they have to do? Physical security, as well as computer security. So they’re trying to tighten it up, but if you look at something like this and I’m holding up to the camera just a quick picture showing one particular weapon. And all of the computers are on board we’re talking about something that’s really a computer, right? It’s not a missile it’s a flying computer on a, you know, on a flight platform, frankly. In operational testing the DOD has routinely found, what they’re calling mission-critical cyber vulnerabilities, in these systems that were under development, absolutely huge. Great article from gao.gov. They found that using simple tools, simple techniques that the whole – Are you familiar with the Red Team, Blue Team thing – Where you have a competing cyber team, someone’s trying to defend the network while another team is trying to break into the network? The military does this all the time. We do this with private businesses, where it’s intended external scan is kinda like a penetration test, but you, you’re actively trying to defend, actively trying to hack, so that you can see how effective both tools are and you can’t defend properly if you don’t know a hack right isn’t that kind of the bottom line, here. So they were doing it and they found that most of the time the bad guys quote unquote could get into these different and pass these defenses in these defense systems without even being detected. Now that’s a very bad thing so the DOD has recently taken some steps are trying to improve the weapon system cybersecurity. They’ve got new policies, new guidelines, out there to incorporate cybersecurity. 
We found that some of our clients are, they’re just manufacturers of widgets, basic widgets, things like wires or, you know, modules that might go into one of these DOD systems. Even down to that level where there’s nothing active. There’s no computer systems active at all. So even at the level of a wire, the cables and connectors, the DOD is now going to those people and saying, hey listen, you need to up your security, here are the new standards, and they have to meet these new NIST standards and others. A very big deal, very scary deal frankly. And we’ve got to pay attention to these systems and now we know why. The GAO, the General Accounting Office, has found that the DOD systems are severely lacking in security. Which is scary when you consider that we have potential adversaries, such as China or Russia or even North Korea, and Iran, who all are very good at hacking, all know how to get into systems, and it couldn’t be very bad frankly. Could end up being very bad.

21:57 next article

21:58 Real quick, you’re going to want to go online and have a look at this. This article’s from Wired and I have it up on my website as well, at least a link to it, at Craig Peterson dot com, but everything you should do before and after you lose your phone. It’s really great. It goes through the features that you can use, from remote tracking, exactly how to do it. Where the settings are, protecting your lock screens, backing up data, face ID, passcodes, thumbprint readers, their preemptive measures, and what to do, contacting your carrier. Very good advice. Something that you probably should have a look at out there.

22:42 This is terrifying,

22:46 frankly. And, this is the future.

22:53 Now, we know about AI,

22:55 right? Artificial intelligence, machine learning, which is kind of the precursor to artificial and machine learning is kind of where we’re at now. There’s no real artificial intelligence by the strictest of definitions, but

23:09 it’s coming

23:10 And this article is about something called deep fakes. Have you heard about this before? You’ve heard about the fake news, right? So what’s a deep fake? A deep fake, as it turns out, is a video, in this case, that looks like it’s someone doing something else. And these deep fakes were discovered over on Reddit, which is a bulletin board, some really interesting stuff. But, what they had done is they had taken some porn video and had a computer analyze it, and had taken some video of Emma Watson and had the computer analyze that. And, of course, when it comes to celebrity, there are lots of videos, you’ve got all of the facial tics, the way they express themselves, the way they move. The computers are analyzing their gait, you know, as they’re walking, their vocal patterns, etc, etc. And these deep fakes now have gotten so good that they’ve been able to take Emma Watson’s face and stick it on another body and create a whole new video. One that never existed before. So, Emma Watson never did any of this. Remember, Watson was not videotaped performing any of these acts. Obviously, somebody was, today, but it looks like it was her. Absolutely amazing. Now, I went on to Reddit. These have been taken down, it’s against Reddit policies to have that type of stuff up online. But deep fakes are only the first step in a chain of technology that’s coming our way, and coming our way fast. We can now do all kinds of stuff. Think of Gollum, for instance, from Lord of the Rings. There was an actor that was moving, did you see any of the behind the scenes stuff on this, he was moving, he had these kinds of balls all over him, so the computer could track his movements, and it did very coarse movements. If he’d move his arms, the computer can move his arms, and you saw the computer animation with this kind of turned him into a stick figure so that they could make Gollum move basically the same way. And then they went in afterwards. 
And then they tried to do the face, make the face just right and move just right. Don’t have to do any of that today. Today, you can just take a video, just a regular video. And from that regular video, put it on top of another regular video. Within its expected here. And this is an article from Daily Dot. And it’s quite fascinating. But it’s expected that within the next 10 years, this sort of thing will be extremely easy for you to do.

26:03 This article goes on for about eight pages. But this technology will end up being used for producing clones. You’ll be able to use these with a psychiatrist where you got issues with your mom or your dad or someone else. They can, in a virtual world, today, eventually maybe not even a virtual world, but today they can bring that person in and have you chat with them. That, you know, barely, right. 10 years from now, it will be pretty darn good. And 20 years from now it may be indistinguishable from reality. Just like you’re talking right now with some of these chatbots, online. Where it’s just you typing back and forth without really a computer the other end. In the near future it’s going to be like you’re on Skype with someone but then the person at the other end isn’t a person. It’s a computer, a computer program. So there’s a few more we did not get to today. I hope you check them out online. What students are doing to pay their tab. Hidden cameras at Airbnb rentals. Digital IDs, very scary things. Do not install Windows 10 updates before you have a good backup. They are, Windows 10 updates have been deleting all your documents. And not fun, and election security is an absolute mess. But we can’t get today, so visit me online, Craig Peterson dot com. Make sure you sign up for my next master class. Sign up for my email list, just Craig Peterson dot com slash subscribe. Love to see you there. We’ll keep you up to date. Every week we send out these articles to everybody that is a subscriber. Craig Peterson dot com slash subscribe or text me anytime. Any question. 855 385 5553. Have a great week. We’ll be back next week and in fact we will be podcasting on Monday again. Take care, bye-bye.