This week I am spending a bit of time discussing Bitcoin and other cryptocurrencies and their tie to ransomware, and a couple of things the Feds are doing, from the IRS to the DOJ. Then we go into the gig economy and through the ramifications of CA Prop 22, and more, so listen in.
Automated Machine-Generated Transcript:
Craig Peterson: [00:00:00] The silk road is back in the news as a billion dollars was just taken from their account. We’re going to talk about mobile security, ransom payments, and doxing. And of course, a whole lot more as you listen right now.
Hi, everybody, of course, Craig Peterson here. Thanks for spending a little time with me today.
We have a bunch to get to. I think one of the most interesting articles is what I’ll kind of start with this week, because this is a very big deal. We’re talking about something called cryptocurrency, and I’m going to go into that a little bit. So for those of you who already know, just maybe there’s something you’ll learn from this little part of the discussion and then we’ll get into Bitcoin more specifically.
Then the Secret Service, what they have been doing to track down some of these illegal operators and also how this is really affecting ransomware. Those two, by the way, are just tied tightly together, Bitcoin and ransomware. So I’ll explain why that is as well.
Cryptocurrency has been around for quite a while now. There’s a concept behind cryptocurrency and it’s the most important concept of all, frankly, when it comes to cryptocurrency and that is you have to use advanced mathematics in order to prove that you have found a Bitcoin.
Time was you’d go out and go gold mining. Heck, people are still doing it today, all over New England. It isn’t just the Yukon or Alaska or Australia, et cetera. They’re doing it right here. And they have proof that they found something that’s very hard to find because they have a little piece of gold or maybe a nugget or maybe something that’s like a huge nugget, man. I saw a picture of one out of Australia that was absolutely incredible. Takes a few people to carry this thing. That is proof, isn’t it? You can take that to the bank, ultimately. You sell it to a gold dealer who gives you cash that you can then take to a bank. Then the bank account information is used to prove that you can buy something. You give someone a credit card, it runs a little check. Hey, are we going to let this guy buy it? Or a debit card? Hey, does he have enough money in the bank? So along with that pathway, you have something that is real. That’s hard and that’s the gold that was mined out of the ground. Then it very quickly becomes something that’s frankly, unreal.
Time was our currency was backed by gold and then it was backed by silver. Now it’s backed by the full faith and credit of the United States government. Not quite the same thing, is it? So we’re dealing with money that isn’t all that real. The United States agreed to not manipulate its currency.
We became what’s called the petrodollar. All petroleum products, particularly crude oil are sold on international exchanges using the US dollar. China is trying to change that. Russia’s tried to change that. They’re actually both going to change it by using a cryptocurrency. At least that’s their plan.
The idea behind cryptocurrency is that your money isn’t real either, right? Sure, you’ve got a piece of paper, but it’s not backed by anything other than the acceptance of it by somebody else. If you walk into Starbucks and you drop down a quarter for your coffee. Yeah, I know it’s not a quarter, used to be a dime. I remember it was a dime for a cup of coffee, not at Starbucks, but you dropped down your money. Okay. Your $10 bill for a cup of coffee at Starbucks, they’ll take it because they know they can take that $10 and they can use it to pay an employee and that employee will accept it and then they can use that to buy whatever it is that they need. It’s how it works.
With Bitcoin, they’re saying what’s the difference? You have a Bitcoin. It’s not real. Ultimately represents something that is real, but how is there a difference between accepting a Bitcoin and accepting a $5 bill? What is the difference between those two or that $10 bill that you put down at Starbucks? In both cases, we’re talking about something that represents the ability to trade. That’s really what it boils down to. Our currencies represent the ability to trade.
Remember way back when, before I was born, that a standard wage was considered a dollar a day. So people would be making money at a rate of a dollar a day. I remember that song, old country song. I sold my soul to the company’s store and they made enough money just basically to get by and to pay the company for the room and board and everything else they had. Interesting times, not fun, that’s for sure for many people caught up in it. When you dig down behind Bitcoin, what you ultimately find at the root was a computer that spent a lot of time and money to solve this massive mathematical equation. That’s the basics of how that works. That’s what Bitcoin mining is.
Right now, it costs more to mine a Bitcoin in most areas than it costs for the electricity to run it and the hardware to buy it. There are computers that are purpose made. Just to create these Bitcoins, just to find them just to mine them. If you’re sitting at home thinking, wow, I should get into a cryptocurrency and I’ll just go ahead and mine it on my computer, that’s really fun. It’s a fun thing to think about. But in reality, you are not going to be able to justify it. You’d be better off to go and buy some gold or another precious metal.
So that’s how cryptocurrency has, how Bitcoin, that’s how all of these really begin is just with the computer, trying to solve an incredibly complex math problem that can take weeks or months for it to solve.
For those of you that want to dig a little bit more, basically, it’s using prime numbers. You might remember messing with those in school. I remember, I wrote a program to determine prime numbers a long time ago. 45 plus years ago, I guess it was, and it was fun because I learned a lot about prime numbers back then. But we’re dealing with multi-thousand digit numbers in some of these cases, just huge numbers, far too hard for you or I to deal with and that’s why it takes so incredibly long.
Now we know how the value was started and that was with somebody running a computer finding that Bitcoin and putting it on the market. Now, normally when you’re looking at market and market volatility, markets are supply and demand based except for government interference.
We certainly have a lot of that in the United States. We do not have a completely free market system, not even close. The free market says I had to dig this hole and in order to dig that hole, I had to have a big backhoe. Before that, I had to have a bucket or maybe some other heavy equipment to move all of the earth out of the way, the bulldozers, et cetera.
Then I had to run that through some sort of a wash plant and all of these things cost me money. So basically it costs me whatever it might be, a hundred bucks, in order to find this piece of gold, and then that hundred bucks now that it costs him to do it is the basis for the value of that piece of gold.
Obviously, I’m not using real numbers, but just simple numbers to give you an idea of how cryptocurrency works. So it’s a hundred bucks for me to get that piece of gold out of the ground. Then that piece of gold is taken and goes to some form of a distributor. So I’m going to sell that piece of gold to somebody that’s going to melt it down.
They’re going to assay it and say, yeah, this is a hundred percent pure gold, and then they’ll sell it to someone and then they’ll sell it to someone and then they’ll sell it to a jeweler who then takes it and makes jewelry. Every time along there they’re adding stuff onto it. But the basic value of gold is based on how hard it is to get and how many people want to get their hands on it.
The law of supply and demand. You’ve seen that over the years, it’s been true forever. Really? That’s how human trade works. Capitalism, in reality, is just the ability of strangers to trade with each other is just an incredible concept.
What we’re talking about here with the cryptocurrency is much the same thing. The value of cryptocurrency goes up and down a lot. Right now, one Bitcoin is worth about 15,000, almost $16,000 per bitcoin.
We’ll talk about that. What is Bitcoin? How can I even buy it? Pizza for the silly things were 16 grand, right? It’s like taking a bar of gold to buy a pizza.
How do you do that? How do you deal with that? So we’ll get into that, and then we’ll get into how the tie between cryptocurrencies, particularly Bitcoin, and the criminal underground. That tie is extremely tight and what that means to you. It is tied directly into the value of Bitcoin.
Right now the basis is it costs me 16 grand to mine a Bitcoin. Therefore that’s where I’m going to sell it for. Of course, there are profit and everything else that you put into that $16,000 number.
We’ve got a lot more to get to today. We’re going to talk about this billion dollars, which is, that’s a real piece of money here that the feds just seized.
Right now talking about Bitcoin. What’s the value of it? How is it tied into criminal enterprises and what’s going on with the FBI seizure this week?
Bitcoin’s value has been going up and down. I just pulled up during the break, a chart showing me the value of Bitcoin over the last 12 months. It has been just crazy. Going back years, it was worth a dollar. I think the Bitcoin purchase was for a pizza, which is really interesting when you get right down to it.
The guy says, Oh yeah, what the heck, take some Bitcoin for it. Okay. Here we go. May 22nd, 2010 Lasso Lowe made the first real-world transaction by buying two pizzas in Jacksonville, Florida for 10,000 Bitcoin.
10,000 Bitcoin. So let me do a little bit of math here. Let me pull it up here. Today’s price is about $15,750,000. So he bought it. Two pizzas for the value today, Bitcoin of $157 million. That’s actually pretty simple math, $157 million. Okay, that was 10 years ago. The first Bitcoin purchase. So it has gone up pretty dramatically in price.
I think the highest price for one Bitcoin was $17,900. It was almost $18,000 and then it’s dropped down. It has gone up and it has gone down quite a bit over the years. It seems to have had a few really hard drop-offs when it hit about 14,000. Right now it is above that.
So I’m not giving investment advice here, right? That’s not what I do. We’re talking about the technology that’s behind some of this stuff, but one Bitcoin, then, is too much for a pizza, right? So he paid 10,000 Bitcoin for his first pizza. That’s really cool, but, ah, today where it’s another word, the Bitcoin was worth just a fraction of a cent each back then.
Today you can’t buy a pizza for one Bitcoin. So Bitcoin was designed to be chopped up so you can purchase and you can sell them at a fraction of a Bitcoin. That’s how these transactions are happening. Now there’s a lot of technology we won’t get into that’s behind all of this and how the transactions work and having a wallet, a Bitcoin wallet, and how the encryption works and how all of these logs work. The audits, basically the journals that are kept as accountants and how a majority of these have to vote and say that particular transaction was worthwhile.
The fact that every Bitcoin transaction is not only stored but is stored on thousands of computers worldwide. Okay. There’s a whole lot to that, but let’s get into the practical side.
If you are a bad guy. If you are a thief. If you’re into extortion. If you’re doing any of those things, how do you do it without the government noticing? In reality, it’s impossible when you get right down to it. Nothing is completely anonymous and nothing ever will be most likely, completely anonymous.
But they still do it anyway, because, in reality, they, the FBI or the secret service or whoever’s investigating has to be interested enough in you and what you’re doing in order to track you down. If they are interested enough, they will track you down. It really is that simple.
Enter a convicted criminal by the name of Ross Ulbricht.
Ross was running something online, a website called the silk road. It was what’s known as the dark web. If you’ve listened to the show long enough, the history of the dark web and that it was founded by the US government. In fact, the dark web is still maintained by the government. I’m pretty sure it’s still the Navy that actually keeps the dark web online.
The thinking was we have the dark web. It’s difficult for people to track us here on the dark web and if we use something like Bitcoin, one of these cryptocurrencies for payment, then we are really going to be a lot safer. Then they added one more thing to the mix called a tumbler. And the idea with the tumbler is that if I’m buying something from you using Bitcoin, my wallet shows that I transferred the Bitcoin to you. All of these verification mechanisms that are in place around the world also know about our little transaction, everybody knows. The secrecy is based on the concept of a Swiss bank account. With that Swiss bank account, you have a number and obviously you have a name, but it is kept rather anonymous. The same thing’s true with your wallet. You have a number, it’s a big number, a hexadecimal number. It is a number that you can use and you can trade with. You’ve got a problem because, ultimately, someone looking at these logs who knows who you are or who I am or wants to figure out who either one of us is probably can. And once they know that they can now verify that you indeed are the person who made that purchase.
So these tumblers will take that transaction. Instead of me transferring Bitcoin directly to you, the Bitcoin gets transferred to another wallet. Then from that wallet to another wallet and from that wallet to another wallet and from that wallet to a number of another wallet. Now it is much more difficult to trace it because I did not have a transaction directly with you.
Who is in the middle? That’s where things start getting really difficult. But as Ross Ulbricht found out, it is not untraceable.
He is behind bars with two life sentences plus 40 years. What they were doing on the silk road is buying and selling pretty much anything you can think of. You could get any hard drug that you wanted there, you could get fake IDs, anything, really, anything, even services that you might want to buy. There are thousands of dealers on the silk road. Over a hundred thousand buyers, according to the civil complaint that was filed on Thursday this week.
Last week, actually, the document said that silk road generated a revenue of over 9.5 million Bitcoins and collected commissions from these sales of more than 600,000 Bitcoin. Absolutely amazing.
Now you might wonder, okay. Maybe I can buy a pizza with Bitcoin or something illicit with Bitcoin, but how can I use it in the normal world? Well, there are places that will allow you to convert Bitcoin into real dollars and vice versa.
In fact, many businesses have bought Bitcoin for one reason and one reason in particular. That reason is insurance. They have bought Bitcoin in case they get ransomware. They just want it to sit in there, to use to pay ransoms. We’ll talk more about that. We’re turning into the Bitcoin hour, I guess today. We are talking a lot about it right now because it’s one of the top questions I get asked.
The IRS is saying that they may put a question on your tax return next year, about cryptocurrency specifically Bitcoin. So what’s that all about? And by the way, the IRS had a hand in this conviction too.
You’re listening to Craig Peterson.
We just mentioned a gentleman, I don’t know if he’s a gentleman, by the name of Ross Ulbricht, and he is behind bars for life. He was buying and selling on a website called the Silk Road. In fact, he was the guy running it, according to his conviction, and two life terms plus 40 years seems like a long time.
In other words, he’s not getting out. The internal revenue service had gotten involved with this as well because you are supposed to pay taxes on any money you earn. That is a very big deal when you’re talking about potentially many millions of dollars. So let’s figure this out. I’m going to say, some 9.5 million.
So 9 million, 500,000. There we go, Bitcoin. What do we want to say? Let’s say the average value of that Bitcoins over time, there was about $5,000 apiece. Okay. So let’s see times 5,000, Oh wow. That’s a big number. It comes back to 47 billion. There you go. $500 million dollars. Almost $50 billion. That’s just really rough back of the envelope math.
We have no idea. So that’s a lot of money to be running through a website. Then the commission that he made on all of those sales is said to have been more than 600,000 Bitcoin. So again, 600,000 times let’s say an average price of $5,000 per Bitcoin. So that’s saying he probably made about $3 billion gross anyways, on these collected commissions. That is amazing.
The IRS criminal investigation arm worked with the FBI to investigate what was happening here as well as, by the way, the Secret Service. I got a briefing on this from the Secret Service and these numbers are just staggering, but here’s the problem. The guy was sentenced a few years ago. 2015 he was prosecuted successfully. Where did all of his money go? His money was sitting there in Bitcoin, in an unencrypted wallet, because part of the idea behind your Bitcoin wallet is there are passcodes and nobody can get at your wallet information unless they have the passcode. So they might know what your wallet number is, which they did. The Secret Service and the IRS knew his wallet number, but how can they get at that Bitcoin and the money it represents? They did. This is like something really from one of these TV shows that I don’t watch, right? What is it? NCU? The crime investigator unit CIU or whatever it is on TV. I can’t watch those because there’s so much stuff they get wrong technically, and I just start screaming at the TV. It’s one of those things. What they found is that the wallet hadn’t been used in five years. They found that just last week, people who’ve been watching his Bitcoin wallet number, found that there were about 70,000 Bitcoins transferred from the wallet.
So people knew something was going on. Then we ended up having a confirmation. The feds had admitted that it was them. They had gone ahead and they had a hacker get into it. So here’s a quote straight from the feds. That was in Ars Technica this week: according to the investigation, individual X was able to hack into Silk Road and gain unauthorized and illegal access and thereby steal the illicit cryptocurrency from Silk Road and move it into wallets that individual X controlled. According to the investigation, Ulbricht became aware of individual X’s online identity and threatened individual X for the return of the cryptocurrency to Ulbricht. So Ulbricht had his cryptocurrency stolen, which by the way, is if you are dealing with Bitcoin, that is very common, not that it’s stolen. It does get stolen and it’s not uncommon. It’s very common for the bad guys to try and hack into your Bitcoin wallet. That’s part of the reason they install key loggers so they can see what the password is to your wallet.
So apparently that unknown hacker did not return or spend the Bitcoin, but on Tuesday they signed consent and agreement to forfeiture with the US attorney’s office in San Francisco and agreed to turn over the funds to the government. Very complex here. There are a lot of links that the Silk Road founder took to really obfuscate the transfer of the funds. There’s tons of forensic expertise that was involved and they eventually unraveled the true origins of Bitcoin. It is absolutely amazing.
Earlier this year they used a third-party Bitcoin attribution company to analyze the transactions that had gone through the Silk Road. They zeroed in on 54 transactions that transferred 70,000 Bitcoins to two specific wallets. I said earlier, by the way, that it was hex, it isn’t hex. It’s mixed upper and lower case characters as well as numbers. And, so it’s a base. What is it? 26, 40, 60 something. The Bitcoin is valued at about $354,000 at the time. I don’t know about you. I find this stuff absolutely fascinating. There’s a lot of details on how it was all done and they got the money back.
So with a cryptocurrency, you’re not completely anonymous. As the founder of the silk road finds out. You end up with criminal organizations trying to use it all the time. Just having and using Bitcoin can raise a red flag that you might be part of a criminal organization. So you got to watch that okay.
In addition to that, The IRS is looking to find what it is you have made with your Bitcoin transactions because almost certainly those are taxable transactions. If you’ve made money off of Bitcoin. Now you’d have to talk to your accountant about writing off money that you lost when you sold Bitcoin after it had dropped.
I do not own any Bitcoin. I don’t. I played with this years ago and I created a wallet. I started doing some mining, trying to just get to know this, so I’m familiar with this. I’ve done it. I haven’t played with it for a long time.
If you have made money on Bitcoin and you sold those Bitcoin, or even if you transferred Bitcoin and the profits as Bitcoin, you owe money to the IRS. Now the feds have their hands on almost a billion dollars worth of Bitcoin, just from this one guy. That’s it for Bitcoin for today.
We’re going to talk about Uber and Lyft and how they’re in the driver’s seat right now to maybe remake labor laws in about two or three dozen States almost right away.
Are you, or maybe somebody driving for Uber or Lyft, or maybe you’ve been thinking about it? There are a lot of problems nationwide when it comes to employee status. We’re going to talk about the gig economy right now.
Hey, thanks for joining me, everybody. You are listening to Craig Peterson.
Hey, Uber and Lyft are two companies that I’m sure you’ve heard of. If you heard about the general category here, it’s called the gig economy. The gig economy is where you have people doing small things for you or your business. That’s a gig. So during this election season, for instance, I turned somebody on to a site called Fiverr, F I V E R R.com, which is a great site. I’ve used it many times. I turned them on saying that because they wanted a cartoon drawn there is no better place than to go to Fiverr. Find somebody who has a style you like, and then hire them. It used to be five bucks apiece, nowadays not so much, it could be 20, it could be a hundred, but it is inexpensive.
When you hire somebody to do that as a contractor, there are rules and regulations to determine. If you are an employee versus an independent contractor, there are a lot of rules on all of this, including filing 1099s. But can you decide whether or not they are a contractor? So let’s look at the rules here.
I’m on the IRS website right now and they have some basic categories. So number one, behavioral control: a worker is an employee when the business has the right to direct and control the work performed by the worker, even if that right is not exercised. Then they give some reasons for behavioral control, like the types of instructions given, when and where to work, the tools to use, the degree of instruction. I think the big one is training to work on how to do the job, because frankly, even if you’re hiring somebody to do something for you that takes an hour, you have control over their behavior.
But how about an Uber driver or Lyft driver? Are you telling them where to go? Duh, of course you are. Are you telling them, Hey, don’t take that road because the Westside highway is so busy this time of day? Of course you are. It looks like they might be employees but under behavioral control.
Next step, financial control. Does the business have a right to direct or control the financial and business aspects of the worker’s job, such as significant investment in the equipment they’re using? Unreimbursed expenses: independent contractors are more likely to incur unreimbursed expenses than employees. There you go.
Okay. So no that Uber Lyft driver, that person making the cartoon, I don’t have any financial control over their equipment.
Relationship. How do the worker and the business perceive their interaction with each other in written contracts? Or describe the relationship? Even if the worker has a contract that says they are a contractor does not mean that they aren’t a contractor.
By the way, if you’re not withholding the taxes and paying them as an employee, and then they don’t pay their taxes and the IRS comes after somebody, they’re coming after you as well for all of those that you did not pay taxes on.
Then it goes into the consequences of misclassifying an employee goes on.
So there are people who could maybe they’re an employee, maybe they’re a contractor, but with Uber and Lyft, California decided to put it on the ballot because both Uber and Lyft were saying, we’re pulling out of California. California has a state income tax and they want to collect that income tax. Plus California was saying, Oh, we care about the drivers.
Maybe they do. Maybe they don’t. I’m a little jaded on that, I might say, because I had a couple of companies out in California, way back in the day.
So the California voters had it on the ballot just here. What a week ago? A little more than a week ago, maybe two almost now isn’t it. They decided to let Uber and other gig economy companies continue to treat the workers as independent contractors. That is a very big deal. Because now what’s happened because of this overwhelming approval of proposition 22, these companies are now exempt from a new employment law that was passed last year in California.
So what goes out the window here the well minimum rate of pay, healthcare provisions, et cetera. And by the way, They still can get this minimum pay and healthcare provisions. Okay. They can still get it. It’s still mandated out there, but it’s absolutely just phenomenal.
Apparently, the law that was passed last year was started because these gig people can really cut the cost of something and other people just weren’t liking it.
Frankly, gig companies also outspent the opposition by a ratio of $10 to $1, which is amazing. 10 to one on. Trying to get this proposition to pass. So it’s a very big deal. And what it means is in California, these gig workers are independent contractors, but there’s a couple of dozen states that are looking at this, including to our South, or maybe the state you’re listening in. If you’re listening down in mass right now, but South of where I am.
In Massachusetts, the state attorney general has sued Uber and Lyft over worker classification. And this, of course, is going to have nothing to do with what happened in California right now. There are other States who are looking into this right now and you’ll be just totally surprised. They’re all left-wing States. I’m sure. I hope you were sitting down, New York, Oregon, Washington state, New Jersey, and Illinois. Okay. so we’ll see what happens here. The companies have tried to make a good with the unions. Unions, pretty upset about this, good articles. So you might want to look it up online.
Now I want to, before this hour is up, talk about ransom payments. I have mentioned before on the show that the Department of Justice now looks at people and businesses paying ransomware as supporting terrorist operations. Did you realize that it’s like sending money off to Osama Bin Laden, back in the day? Because if you do pay a ransom, the odds are very good that it is going to a terrorist organization. Oh, okay. It could be Iran. Are they terrorists? No, but they do support terrorism, according to the State Department. Is Russia terrorist? No, but are they attacking us? Is this okay? Is there an attack of the United States, a terrorist attack? This is bringing up all kinds of really interesting points.
One of them is based on arrests that were made about three weeks ago where some hackers were arrested on charges of terrorism. It is affecting insurance as well. I’ve mentioned before that we can pass on to our clients a million dollars worth of insurance underwritten by Lloyd’s of London. Very big deal.
But when you dig into all of these different types of insurance policies, we’re finding that insurance companies are not paying out on cyber insurance claims, they’ll go in and they’ll say, you were supposed to do this, that, and the other thing. You didn’t do it, so we’re not paying.
We’ve seen some massive lawsuits that have been brought by very big, very powerful companies that did not go anywhere, because again they were not following best practices in the industry. So this is now another arrow in the quiver for the insurance companies to say: Wait a minute, you arrested hackers who were trying to put ransomware on machines and did in many cases and charged a ransom. You charge them with terrorism. Therefore, the federal government has acknowledged that hacking is a form of terrorism. Isn’t that kind of a big deal now? So it’s an act of terrorism. Therefore we don’t have to pay out.
It’s just if your home gets bombed during a war, You don’t get compensation from the insurance company, and ransomware victims now that pay these bad guys to keep the bad guys from releasing data that they stole from these ransomware victims are finding out that data that was stolen is being released anyways.
So here’s what’s going on. You get ransomware on your machine. Time was everything’s encrypted and you get this nice big red warning label and you pay your ransom. They give you a key and you have a 50% chance that they are, in fact, going to get your data back for you.
Nowadays, it has changed in a big way where they will gain control of your computer. They will poke around on your computer. Often an actual person poking around on your computer. They will see if it looks interesting. If it does, they will spread laterally within your company. We call that East-West spread and they’ll find documents that are of interest and they will download them from your network, all without your knowledge and once they have them, they’ll decide what they’re going to charge you as a ransom.
So many of these companies, the bad guys. Yeah. They have companies, will ransom your machines by encrypting everything, and the same pay the ransom, get your documents back. Then what’ll happen is they will come back to you, maybe under the guise of a different, bad guy, hacker group. They’ll come back to you and say, if you don’t pay this other ransom, we’re going to release all your documents, and you’re going to lose your business.
Yeah, how’s that for change?
So paying a ransom is no guarantee against them releasing your files.
Hey, we’ve been talking about how computers are everywhere. What can we expect from our computerized cars? What can we expect from computers? Intel has had a monopoly with Microsoft called the Wintel monopoly.
So if you missed part of today’s show. Make sure you double-check and also make sure you are on my newsletter list. I’m surprised here how every week I get questions from people and it’s great. That’s it. I love to help.
I was asked when I was about 19 to read this little book and also to fill out a form that said what I wanted on my headstone. That’s a heady question to ask somebody at 19 years of age, but I said that this was pretty short and sweet. I said, “he helped others.” Just those three words, because that’s what I always wanted to do. That’s what I always enjoyed doing. You can probably tell that’s why I’m doing what I’m doing right now is to help people stop the bad guys and to make their lives a little bit better in the process, right? That’s the whole goal. That’s the hope anyway.
If you need a little help, all you have to do is reach out. Be glad to help you out. Just email me M E at Craig Peterson dot com. Or if you’re on my email list, you’ll get all of my weekly articles, everything I talked about here on the show, as well as my during the week little emails that I send out with videos that I’ve been doing.
I’ve been putting more together. Didn’t get any out this week I had planned to, but I probably will get them out next week. I was able to make a couple of this week and we’ll queue them up for the coming week, but you’ll get all of that. So just go to CraigPeterson.com/subscribe. You’ll find everything there. As part of all of that of course, you will also be getting information about the training that I do. I do all kinds of free pieces of training and webinars, and I’ve got all kinds of reports. One of the most popular ones lately has been my self-audit kit. It’s a little tool kit that you can use to audit your business and see if you are compliant. It’s just a PDF that you can take from the email that I send you. If you ask for it, all you have to do is ask for an audit kit, put that in the subject line, and email firstname.lastname@example.org and we’ll get you going.
So I’ve had a few people who have this week said, Hey, can you help me out? What do I do? I help them out and it turns out when I’m helping them out, they’re not even on my email list. So I’ll start there. If you’re wondering where to start, how to get up to speed a little bit, right?
You don’t have to know all of this stuff like the back of your hand, but you do have to have the basic understanding. Just go online and sign up. CraigPeterson.com/subscribe. Would love to have you there. Even when we get into Ice Station Zebra weather here coming up in not so long, unfortunately, in the Northeast.
When you’re thinking about your computer and what to buy. There are a lot of choices. Of course, the big ones nowadays are a little different than they were just a few years ago. Or a couple of years ago, you used to say, am I going to get a Windows computer, or am I going to get a Mac now?
I think there’s a third choice that’s really useful for most people, depends on what you’re doing. If what you do is some web browsing, some email, and also might do a couple of things with some video and pictures and organizing you really should look at the third option. Which is a tablet of some sort and that is your iPad.
Of course, the number one in the market, these things last a long time. They retain their value. So their higher introductory price isn’t really a bad thing. And they’re also not that much more expensive when you get right down to it and consider the resale value of them. So have a look at the tablet, but that’s really one of the three major choices also today when you’re deciding that you might not be aware of it, but you are also deciding what kind of processor you’re going to be using.
There is a lot of work that’s been done going on ARM processors. What they are called, A R M. I started working with this class of processor, also known as RISC, which is reduced instruction set processors, many years ago, back in the nineties. I think it was when I first started working with RISC machines.
But the big difference here is that these are not Intel chips that are in the iPads that are in or our iPhones, they aren’t Intel or AMD processors that are in your Android phones or Android tablet. They’re all using something that’s called ARM architecture.
This used to be called Advanced RISC Machine, Acorn RISC Machine. They’ve been around a while, but ARM is a different type of processor entirely than Intel. The basic Intel design is to try and get as much done with one instruction as possible.
So for instance, if you and I decided to meet up for Dunkin’ Donuts, I might say, okay, so we’re going to go to the Dunkin’s on Elm Street, but the one that’s south of the main street, and I’ll meet you there at about 11 o’clock.
And then I gave you some of the directions on how to get to the town, et cetera. And so we meet at Dunks and have a good old time. That would be a RISC architecture, which has reduced instructions. So you can tell it, okay, you get to take a right turn here, take a left turn there. In the computing world, it would be, you have to add this and divide that and then add these and divide those and subtract this.
Now to compare my little Dunks story. What you end up doing with an Intel processor or what’s called a CISC processor, which is a complex instruction set, is we’ve already been to Dunks before, that Dunks in fact, so all I have to say is I’ll meet you at Dunks. Usual time. There’s nothing else I have to say. So behind all of that is the process of getting into your car, driving down to Dunks, the right town, the right street, the right Dunks, and maybe even ordering.
So in a CISC processor, it would try and do all of those things with one instruction. The idea is, let’s make it simple for the programmer. So all the programmer has to do, if the programmer wants to multiply two double-precision floating-point numbers, the programmer, if he’s just dealing with machine level, only has to have one instruction.
Now those instructions take up multiple cycles. We can get into all the details, but I think I’ve already got some people glazing over. But these new ARM processors are designed to be blindingly fast, is what matters. We can teach a processor how to add, and if we spend our time figuring out how to get that processor to add faster.
We end up with an ultimately faster chip and that’s the theory behind RISC or reduced instruction set computers, and it has taken off like wildfire.
So you have things like the iPad Pro now with an ARM chip that’s in there designed by Apple. Now they took the basic license with the basic ARM architecture and they’ve advanced it quite a bit, in fact. But that iPad processor now is faster than most laptop processors made by Intel or AMD. That is an impressive feat.
So when we’re looking a little bit forward, we’re no longer looking at machines that are just running an Intel instruction set. We’re not just going to see, in other words, the Intel and AMD inside stickers on the outside of the computer. Windows 10 machines running on ARM processors are out already.
Apple has announced ARM-based laptops that will be available very soon. In fact, there is a scheduled press conference. I think it’s next week by Apple, the 15th. Give or take. Don’t hold me to that one, but they’re going to have a, probably an announcement of the iPhone 12 and maybe some delivery dates for these new ARM-based laptops.
So these laptops are expected to last all day. Really all day. 12 hours worth of working with them, using them. They’re expected to be just as fast or faster in some cases as the Intel chips are. So ARM is where things are going.
We already have the Microsoft updated Surface Pro X. That was just announced about two weeks ago, which is ARM-based. We’ve got Macs now coming out that are ARM-based. In fact, I think they’re going to have two of them before the end of the year. Both Apple and Microsoft are providing support for x86 apps. So what that means is the programs that you have bought that are designed to run on an Intel architecture will run on these ARM chips.
Now, as a rule, it’s only the 64-bit processes that are going to work. The 32-bit processes, if you haven’t upgraded your software to 64 bits yet you’re gonna have to upgrade it before you can do the ARM migration. We’re going to see less expensive computers. ARM chips are much cheaper as a whole than Intel. Intel chips are insanely high priced.
They are also going to be way more battery efficient. So if you’re looking for a new computer. Visual Studio Code has been updated, optimized for Windows 10 on ARM. We’re going to see more and more of the applications coming out.
And it won’t be long, a couple of years now, you will have a hard time finding some of the Intel-based software that’s out there.
“It won’t happen to me.” That’s our next topic.
We’ve got companies who are investing a lot of money to upgrade the technology, to develop security processes, boost IT staff, yet studies are showing that they’re overlooking the biggest piece of the puzzle. What is the problem?
Employee apathy has been a problem for many businesses for a very long time. Nowadays, employee apathy is causing problems on the cybersecurity front. As we’ve talked about so many times, cybersecurity is absolutely critical for any business. Our businesses are being attacked sometimes hundreds of times a minute, a second even, believe it or not.
Some of these websites come under attack and if we’re not paying close attention, we’re in trouble. So a lot of companies have decided, well, they need to boost their IT staff. They’ve got to get some spending in on some of the hardware that’s going to make the life better. And I am cheering them on.
I think both of those are great ideas, but the bottom line problem is there are a million-plus open cyber security IT jobs. So as a business, odds are excellent that you won’t be able to find the type of person that you need. Isn’t that a shame?
But I’ve got some good news for you here. You can upgrade the technology that’s going to help. But if you upgrade the technology, make sure you’re moving towards, what’s called a single pane of glass. You don’t want a whole bunch of point solutions. You want something that monitors everything. Pulls all of that knowledge together uses some machine learning and some artificial intelligence and from all of that automatically shuts down attacks, whether they’re internal or external, that’s what you’re looking for.
There are some vendors that have various things out there. If you sell to the federal government within three years, you’re going to have to meet these new requirements, the CMMC requirements, level three, four, level five, which are substantial.
You cannot do it yourself, you have to bring in a cybersecurity expert. Who’s going to work with your team and help you develop a plan. I think that’s really great, really important, but here’s where the good news comes in.
You spent an astronomical amount of money to upgrade this technology and get all of these processes in place and you brought in this consultant, who’s going to help you out. You boosted your IT staff. But studies are starting to indicate that a lot of these businesses are overlooking the biggest piece of the puzzle, which is their employees.
Most of these successful attacks nowadays are better than 60%, it depends on how you’re scoring this, but most of the attacks these days come in through your employees.
That means that you clicked on a link. One of your employees clicked on a link. If you are a home user, it’s exactly the same thing. The bad guys are getting you because you did something that you should not have done. Just go have a look online. If you haven’t already, make sure you go to haveibeenpwned.com. Pwned is spelled P W N E D.
Have a look at it there online and try and see if your email address and passwords that you’ve been using have already been compromised. Have already been stolen. I bet they have, almost everybody has.
Do you know what to do about that? This is part of the audit kit that I’ll send to you, if you ask for that. Kind of goes through this and a whole lot of other stuff. But checking to see if your data has been stolen, because now they use that to trick people.
So they know that you go to a particular website that you use a particular email address or password. They might’ve been able to get into one of these social networks and figure out who your friends are. They go and take that information. Now a computer can do this. They just mine it from a website like LinkedIn, find out who the managers in the company are.
And then they send off some emails that look very convincing, and those convincing emails get them to click. That could be the end of it. Because you are going somewhere, you shouldn’t go and they’re going to trick you into doing something. Knowledge really is the best weapon when it comes to cybersecurity.
A lot of companies have started raising awareness among employees. I have some training that we can provide as well. That is very good. It’s all video training and it’s all tracked. We buy these licenses in big bundles. If you are a small company contact me and I’ll see if I can’t just sneak you into one of these bundles.
Just email me@craigpeterson.com; in the subject line, put something like training bundle, or something. You need to find training for your employees and their training programs need to explain the risk of phishing scams. Those, they’re the big ones. That’s how most of the ransomware gets into businesses, is phishing scams. That’s how ransomware gets down to your computers.
You also need to have simulations that clarify the steps you need to take when faced with a suspicious email. Again, if you want, I can point you to a free site that Google has on some phishing training and it’s really quite good.
It walks you through and shows you what the emails might look like and if you want to click or not. But there’s a lot of different types of training programs. You’ve got to make sure that everybody inside your organization or in your family is educated about cybersecurity.
What do you do when you get an email that you suspect might be a phishing email? They need to know that this needs to be forwarded to IT, or perhaps they just tell IT, Hey, it’s in my mailbox, if IT has access to their mailbox, so IT can look at it and verify it.
You need to have really good email filters, not the type that comes by default with a Microsoft Windows 365 subscription, but something that flags all of this looks for phishing scams, and blocks them.
There’s been a ton of studies now that are showing that there is a greater awareness of cybersecurity dangers, but the bottom-line problem is that employees are still showing a lax attitude when it comes to practicing even the most basic of cybersecurity prevention methods. Trend Micro, who is a cybersecurity company.
We tend to not use their stuff because it’s just not as good. But Trend Micro is reporting that despite 72% of employees claiming to have gained better cybersecurity awareness during the pandemic, 56% still admitted to using a non-work application on a company device. Now that can be extremely dangerous. 66% admitted uploading corporate data to that application. This includes by the way, things like using just regular versions of Dropbox. Do you share files from the office and home? Dropbox does have versions that have all kinds of compliance considerations that do give you security. But by default, the stuff a home user does not get the security you need. They’re doing all of this even knowing that their behavior represents a security risk. And I think it boils right down to, it’s not going to happen to me. Just apathy and denial. So same thing I’ve seen, being a security guy for the last 30 years, I’ve seen over and over, apathy and denial. Don’t let it happen to them.
By the way, about 50% believe that they could be hacked no matter what protective measures are taken. 43% took the polar opposite. They didn’t take the threat seriously at all. 43% didn’t believe they could be hacked.
We’re going to talk about Mac OS is driving cybersecurity rethink.
By the way to follow up on that last segment. So Millennials and Generation Z are terrible with security. They keep reusing passwords. They accept connections with strangers. Most of the time. If that’s not believable, I don’t know what it is. They’ve grown up in this world of share everything with everyone. What does it matter? Don’t worry about it. Yeah. I guess that’s the way it goes. Right? Kids these days. Which generation hasn’t said that in the past?
We were just talking about millennials, generation Z, and the whole, it won’t happen to me, employee apathy and we’ve got to stop that.
Even within ourselves, right? We’re all employees in some way or another. What does that mean? It means we’ve got to pay attention. We’ve got to pay a lot of attention and that isn’t just true in the Windows world.
Remember we’ve got to pay attention to our network. You should be upgrading the firmware on your switches, definitely upgrading the software and firmware in your firewalls and in your routers, et cetera. Keep that all up to date.
Even as a home user, you’ve got a switch or more than one. You’ve got a router. You’ve got a firewall in many cases that equipment is provided by your ISP internet service provider. If you’ve got a Comcast line or a FairPoint, whatever, it might be coming into your home, they’re providing you with some of that equipment and you know what their top priority is not your security. I know. Shocker.
Their top priority is something else. I don’t know, but it sure isn’t security. What I advise most people to do is basically remove their equipment or have them turn off what’s called network address translation. Turn off the firewall and put your own firewall in place. I was on the phone with a lady that had been listening to me for years, and I was helping her out. In fact, we were doing a little security audit because she ran a small business there in her home. I think she was an accountant if I remember right. She had her computer hooked up directly to the internet. She kind of misunderstood what I was saying. I want to make clear what I’m saying here. People should still have a firewall. You still need a router, but you’re almost always better off getting a semi-professional piece of hardware. The prosumer side, if you will, something like the Cisco GO hardware and put that in place instead of having the equipment that your ISP is giving you.
We’ve got to keep all of this stuff up to date. Many of us think that Macs are invulnerable, Apple Macintoshes, or Apple iOS devices, like our iPhones and iPads. In many ways they are. They have not been hit as hard as the Windows devices out there.
One of the main reasons is they’re not as popular. That’s what so many people that use Windows say, you don’t get hit because you’re just not as popular. There is some truth to that. However, the main reason is that they are designed from the beginning with security in mind, unlike Windows, that security was an absolute afterthought for the whole thing.
Don’t tell me that it’s because of age. Okay. I can hear it right now. People say, well, Mac is much, much newer than Microsoft Windows. Microsoft didn’t have to deal with all of this way back when. How I respond to that is, yeah. Microsoft didn’t have to deal with it way back when because it wasn’t connected to a network and your viruses were coming in via floppy disk. Right? They really were. In fact, the first one came in by researchers. The operating system that Apple uses is much, much, much older than Windows and goes back to the late 1960s, early 1970s. So you can’t give me that, it is just that they didn’t care.
They didn’t care to consider security at all. Which is something that’s still one of my soapbox subjects, if you will. Security matters. When we are talking about your Macs, you still have to consider security on a Mac. It’s a little different on a Mac. You probably want to turn on some things.
Like, Windows comes with the firewall turned on; however, it has all of its services wide open. They’re all available for anybody to attach to. That’s why we have our Windows hardening course that goes through, what do you turn off? How do you turn it off? What should you have in the Windows firewall?
Now the Mac side, all of these services are turned off by default, which is way more secure. If they’re not there to attack, they’re not going to be compromised. Right. They can’t even be attacked in the first place. So I like that strategy, but you might want to turn on your firewall on your Mac anyways.
There are some really neat little features and functions in it. But the amount of malware that’s attacking Apple Macintoshes, nowadays, is twice as much as it used to be.
We’ve got these work from home people. We’ve got IT professionals within the companies, just scrambling to make it so that these people who are working from home can keep working from home. It’s likely a permanent thing. It’s going to be happening for a long time. But these incidents of malware on the Mac are pretty limited in reality.
The malware on a Mac is unlikely to be any sort of ransomware or software that particularly steals things like your Excel files or your Word docs. On a Mac, I should say, it is much more likely to be adware. It’s much more likely to be adware or some other unwanted programs, and that’s what’s rising pretty fast on Macs.
Mac-based companies are being concerned here about cyber security issues. They are paying more attention to them. Their Windows-based counterparts have had to deal with a lot of this stuff for a long time because they were targets. So we’ve got to divide the Mac really into two pieces, just like any other computer. You’ve got the operating system with its control over things like the network, et cetera. Then you have the programs or applications, right? That is running on that device. So you want to keep both of them secure. The applications that are running on your device, Apple’s done a much, much better job of sandboxing them. Making them so that they’re less dangerous. The latest release, in fact, Catalina had a lot of security stuff built into that. Microsoft and Windows 10 added a lot more security. So that’s all really, really good.
Now, if you have to maintain a network of Macs, we like IBM software. They have some great software for managing Macs, but if you want something that’s inexpensive and very usable to configure Macs and control the software on them, have a look at JAMF, J A M F. They just had their user’s conference this last weekend. They were talking about how the landscape has changed over on the Mac side.
All right. We’ve got one more segment left today and I’m going to talk about these cybersecurity frameworks. What should you be using?
If you are a business or a home user, what are those checkboxes that you absolutely have to have to use?
You might’ve heard about cybersecurity frameworks? Well, the one that’s most in use right now is the NIST cybersecurity framework that helps guide you through the process of securing your business or even securing your home. That’s our topic.
It’s a great time to be out on the road and kind of checking in. We’ve got security threats that have been growing quite literally exponentially. They are really making a lot of money by extorting it from us, stealing it from us. It’s nothing but frustration to us.
It’s never been more important to put together an effective cybersecurity risk management policy. That’s true if you’re a home user and you’ve got yourself and your spouse and a kid or two in the home. Have a policy and put it together.
That’s where NIST comes in handy. NIST is the National Institute of Standards and Technology. They’ve been around a long time. They’ve been involved in cryptography. These are the guys and gals that give us accurate clocks. In fact, we run two clocks here that we have for our clients, which are hyper-accurate. It’s crazy, it’s down to the millionth of a second. It’s just amazing. That’s who NIST is.
They’ve put all these standards together for a very, very long time, but just before March, this year, it was reported that about 46 percent of businesses had suffered cyber attacks in 2019. That was up 10% from the year before. Of course, we’ve all been worried about the Wuhan virus, people getting COVID-19, it is a problem.
The biggest part of the problem is everybody’s worried about it. Nobody wants to go to work. They don’t want to go out to a restaurant. They don’t want to do any of these things. You as a business owner are worried about how do you keep your business doors open? How do you provide services to the customers you have when your employees won’t come in or cooperate or were paid more to stay at home than they would be to come back to work. I get it right. I know I’m in the same boat.
Well, because of that we just have not been paying attention to some of the things we should be doing. One of the main ways that business people can measure their preparedness and their progress in managing cyber security-related risks, is to use the cybersecurity framework that is developed by NIST. It is a great framework.
It provides you with different levels. The higher-end, the framework that is used by military contractors. Nowadays, we’ve been helping businesses conform to what’s called NIST 800-171 and 800-53 High, which are both important cybersecurity standards.
So if you really, really, really need to be secure, those are the ones you’re going to be going with. Right now, no matter how much security you need I really would recommend you checking it out. I can send you information on the NIST framework. I have a little flow chart I can send you to help to figure out what part of the framework should you be complying with.
It also helps you figure out if you by law need to be complying with parts of the framework. It will really help you. It’s well thought out. It’s going to make you way more efficient as you try and put together and execute your cyber risk management policy. Remember cyber risk, isn’t just for the software that you’re running, or the systems you’re running. It’s the people, it includes some physical security as well.
Now President Trump has been very concerned about it. I’m sure you’ve heard about it in the news. As he’s talked about problems with TikTok and with Huawei and some of these other manufacturers out there. Huawei is a huge problem. Just absolutely huge.
One of these days I can give you the backstory on that, but how they completely destroyed one of the world leaders in telecommunications technology by stealing everything they had. Yeah. It’s a very sad story. A company you may have heard of, founded over a hundred years ago.
They’re non-regulatory but they do publish guides that are used in regulations. So have a look at them, keep an eye on them. They have to help federal agencies as well meet the requirements of something called the Federal Information Security Management Act, called FISMA, and that relates to the protection of government information and assets.
So if you are a contractor to the federal government, pretty much any agency, you have physical requirements.
So think about that. Who do you sell things to? When you’re also dealing with the federal government they look at everything that you’re doing and say, are you making something special for us? If you are, there are more and higher standards that you have to meet as well. It just goes on and on, but this framework was created by NIST ratified by Congress in 2014. It’s used by over 30% of businesses in the US and will probably be used by 50% of businesses in the US this year.
So if you’re not using them you might want to have a look at them. It’s big companies like JPMorgan Chase, Microsoft, Boeing, and Intel who meet a much higher standard than most businesses need to meet.
For a lot of businesses all you need to meet is what’s called the CMMC one standard. You’ll find that at NIST as well. And there are much higher levels than that up to level five, which is just, wow. All of the stuff that you have to keep secured looks like military level or better, frankly security.
There are other overseas companies that are using it too, by the way in England, in Japan, Canada, many of them.
I’m looking at the framework right now. The basic framework is to identify, protect, detect, respond, and recover. Those are the main parts of it. That’s what you have to do as a business in order to stay in business in this day and age. They get into it in a lot more detail.
They also have different tiers for different tiers that you can get involved in. Then subcategories. I have all of this framework as part of our audit kit that I’ll send out to anybody that asks for it that’s a listener. All you have to do is send an email to me, M E @craigpeterson.com, and then the subject line, just say audit kit and I’ll get back to you. I’ll email that off to you. It’s a big PDF.
You can also go to NIST in the online world and find what they have for you. Just go to NIST, N I S T.gov, The National Institute of Standards and Technology, and you’ll see right there, cybersecurity framework, it’s got all of the stuff there. You can learn more here if you want. If you’re new to the framework they’ve got online learning. They are really working hard to try and secure businesses and other organizations here in the US and, as I said, used worldwide. It’s hyper, hyper important. It’s the same framework that we rely on in order to protect our information and protect our customer’s information. So NIST, N I S T.gov, check it out.
If you missed it today, you’re going to want to check out the podcast. Now you can find the podcast on any of your favorite podcasting platforms.
It is such a different world. Isn’t it? We started out today talking about our cars. Our cars now are basically big mechanical devices ever so complex with computers, controlling them. But the cars of tomorrow that are being built by Tesla and other companies, those cars are absolutely amazing as well, but they’re frankly, more computer than they are mechanical car.
So what should we expect from these cars? I’m talking about longevity here. We expect a quarter-million miles from our cars today. Some of these electric vehicles may go half a million or even a million miles in the future. When they do that, can we expect that? Our computers get operating system updates and upgrades, for what five years give or take?
If you have an Android phone, you’re lucky if you get two years’ worth of updates. Don’t use Android, people. It’s just not secure. How about our cars? How long should we expect updates for the firmware in our cars? So that’s what we talked about first, today.
Ring has a new security camera that is absolutely cool. It’s called the Always Home Cam. I talked about it earlier. It is a drone that flies around inside your house and ties into other Ring equipment. I think it’s absolutely phenomenal and it’s not quite out yet, but I’ll let you know more about that.
If you get ransomware and you pay the ransom, the feds are saying now that you are supporting terrorist organizations. You might want to be careful because they are starting to knock on doors, and there’s jail time behind some of these things. So watch it when it comes to ransomware and a whole lot more as well.
So make sure you visit me online. Go to CraigPeterson.com/subscribe. It’s very important that you do that and do that now.
So you’ll get my weekly newsletter. I’ve got some special gifts, including security, reboot stuff that I’ll send to you right away. CraigPeterson.com/subscribe.