[2021-06-19 Week #1118]

The Columbia lawsuit. This is just amazing. I’ve been telling businesses for a long time that insurance companies just are not paying out on many of these claims, the insurance companies come back to you after you’ve been hacked, or you had ransomware and you try and file a claim and say, okay, so no problem.

[00:00:20] Now you met all of these qualifications, right? And they have this big checklist. Everything. And I bet you most companies, if you have not seen this list would be totally surprised by what the insurance companies are requiring of you now, the same thing’s true of home users. If you look in your home policy homeowner’s policy, you probably see something in there that says ransomware or computer failures, et cetera.

[00:00:53] And they will cover dependent on your policy. Some amount of money, maybe it’s 10 grand, five grand could be a lot of different things and it’s not terribly expensive. Now you got to ask yourself, why is it so cheap, particularly when there are so many viruses, ransomware, Trojans, fishing, all of these things out there in the wild.

[00:01:15] And from a business standpoint, it costs a lot more. I know my business is paying a lot of money for the insurance. But we go through in detail, everything that’s right there in the policy. And we even ask for a list of everything kind of separate list, so that we know what exactly they want. So we’ve got to check the list and I can send it to, if you want, just go ahead and email me.

[00:01:40] So if you have a a hack, if you have ransomware and you have insurance, you’re probably going to file against the insurance, right? Because looking at all of these numbers, a medium, a small, medium business is going to be. But not a pocket about one and a half million dollars. And that’s, if they’re not paying the ransom, it’s really expensive is difficult.

[00:02:04] And if you’re a home user, oh my, you are, will never get your information back. You have maybe a 50% chance if you pay the ransom of getting. Your stuff back. Think about all the photos you have on your hard desk, all of the letters, all of the emails, same trick for business and to business. It’s not just all of the emails, it’s your contracts, it’s your plans, your intellectual property, everything that you can think of that’s out there.

[00:02:33]Getting it back. So this is interesting when we look at this. Company it’s called cottage healthcare systems. They filed a claim of more than $4 million against a breach. Now that is a fair amount of money, but it is not unreasonable for a medium-sized company. The SBA, the small business administration says that if you’re under 10 million in revenue, then you are a small business under 200 employees, right?

[00:03:05] It has those levels. So think of it that way, right? A small business is not necessarily just some home users. You can have some serious money involved in a small business. So they had claimed here this again, cottage health care systems that they had been just totally protected. At least not from the cybersecurity standpoint, but from the insurance standpoint.

[00:03:32] And for years, software vendors have assume that they can take that security risk and push it on to their customers. We’re seeing this a lot in the medical business with doctor’s offices. They’ve got these HIPAA regulations and they’ve got all kinds of private information. Plus they have payment card industry regulations that they have to fall under or agreement because they have credit card and other billing information.

[00:04:00] And of course the billing information that’s going to the insurance company has to be protected as well. And these doctor’s offices are making a very bad assumption that somehow they don’t have to worry about it. And the reason they don’t have to worry about it is it’s quite simple because I’m using a cloud service.

[00:04:20]Have you heard that before? Do you know anybody that said that? So I’m using the cloud thing now. Yeah. Yeah. I’m using salesforce.com for a regular business for your customer relationship management or all of these patient management systems that are out there. Now there’s some, I’m just shocked that.

[00:04:37] Won’t charge the doctor’s office, anything. And yet they’ll keep all of the client records for the doctor and supposedly keep it safe. Maybe they will, maybe they won’t. And then also on top of all of that, they’ll do the billing and that’s how they make their money because they shave a percentage off of every bill that they issue to the health insurance carriers.

[00:05:03]So these doctors are sitting there saying I’m using these online services. I’ve got Microsoft office email. I’ve got whatever it might be. Google has of course their professional emails too. And when those guys get hacked on fine, because they had my data. Reality is no, that is absolutely not true.

[00:05:26] And we’ve seen software companies, ship products. We’ve seen these cloud services deliver services with known vulnerabilities and expect the customer using the service or using the software to absorb all of the risk. And then the vendor of the services or software is protected from loss by. It’s insurer.

[00:05:50] So this is called shifting risk and the software companies can delay fixing vulnerabilities in their code and maintain their release schedules because they’re sitting there pretty thinking, oh, I’m fine. There’s no problem here. I got my insurance and it’s fine that the customer, that shrink wrap agreement, or maybe even it’s a contract that was signed, which is more true for doctors, offices and regular businesses.

[00:06:16] Says that the doctor’s office has a liability. I’m afraid to have to inform everybody here that you cannot shift that liability. The insurance company is not on hook for covering the damage. And this is a very big deal. And what I’m talking about is this insurance company called Columbia casualty, their division of this industry giant called CNA, which is a course in the insurance business.

[00:06:47] Oh, that’s what they do. So they had paid out. This four mill Morton for a million dollar claim and their suit that was filed by the insurance company against cottage healthcare systems said that they hadn’t kept their security controls up to date. And. When a breach occurred, they tried to put the insurance company on the hook to cover all of the damages.

[00:07:15] I’ve got a copy up on my screen right now from health it security.com. Talking about this. This is a, an older articles is in 2015, but even then we knew that you cannot fall back on your insurance. And that’s why, again, that’s why the rates are so cheap, right? They’re just not paying out. So the suit is still underway and it’s something we’ve got to pay close attention to because the court case documents are saying that Columbia quote, six declaration, that it has no duty to defend our identity and indemnify cottage in the underlying action.

[00:07:55] Or the department of justice proceedings. Yeah. Okay. Yeah. They’re DOJs in on this as well. So they had to end their practice of what they were doing and frankly, keeping systems up to date, having the minimum required practices, including yep. Replacing just basic stuff. Default settings in their it environment, checking for vendor supplied security patches, implementing the patches within, 30 days, something reasonable.

[00:08:25] Most of us delay putting patches in place for least a week. You guys you’re the best and brightest, if you put a patch in. The Jess came out, it might make things a little unstable, right? So a lot of us wait for, I think good reason, frankly. So the bottom line is this is again, over the course of seven years here, insurers understand that not all breaches are inevitable.

[00:08:52] And that the companies here, the healthcare companies, the software vendors, the cloud vendors have to do more to protect their clients. But from what I’m seeing, it just is not happening. It’s not happening at all. We are getting people who are looking at an equation differently than you or I do. Look at what happened with the colonial pipeline.

[00:09:17] What do you think was happening in the board of directors meetings before the security breach? The same thing with TJX, same thing with home Depot, same thing with that, that meat packer, all of these guys. What do you think they were saying? They were saying, okay, Mr. It direct director. How much is it going to cost us to have good cyber security?

[00:09:37] And the it director is going to say, okay we need some really great hardware. We need also software. We needed on all of the workstations. We need smart switches so we can trace things when they’re inside the network. We need 24 hour manned security operation center with at least one person.

[00:09:57] So that means four people, right? Because three people, plus people have to have vacations people go on training. I know my people spend at least a quarter of their time in training. Let me see that, over the course of a year, it’s probably going to be five to $10 million minimum. And so the board of directors says five to 10 million.

[00:10:17] Oh, okay. How much is it going to cost us? We get breached, oh, maybe 5 million. Forget it then we’re not going to secure our systems. And I’m not saying that this is the conversation colonial had. I’m saying this is the type of conversations businesses are having and they should not be having, because frankly.

[00:10:37] It is not only illegal because you are supporting terrorists by paying these ransoms, but you’re hurting yourself and your customers stick around.

[00:10:48]Craig Peterson: Tesla has a number of cars out. And these things I think are just totally cool.

[00:10:53] My daughter ended up buying one she’s over Norway. So of course it was heavily subsidized by the Norwegian government. They get a 25% discount. Yeah. That actually is Tax. Yeah, so they don’t have to pay the sales tax, which is 25%. Okay. No way is not as social as nation, but they sure tax the living daylights out of everybody, but they allow business to do what it needs to do and move with far fewer regulations.

[00:11:26] But anyway, so this isn’t a political discussion. She loves her model. Absolutely loves it. They just drove it from Norway all the way back down to Belgium, which is where her husband’s from. And they own I guess a condo bought an apartment down there, right on the sea coast in Belgium. It’s really a beautiful area, but they love it.

[00:11:48] They had to stop twice to charge it up while they were on their way. You might’ve heard that the Tesla model S long range just got a rating of 405 miles of total range with a combined city highway MPG, E of one 20. So there’s some things I need to explain here. First of all, this 405 miles and total range, it is not going to get that up in the Northern part of the United States when it’s cold outside.

[00:12:23] You will be getting above 200 miles may be 300 miles out of it, because again, you’re running the electricity through resistors in order to keep yourself warm and then you’re not going to get it when you have the air conditioning on high. If you’re living in the desert Southwest, for instance, or in Florida, trying to keep that humidity down.

[00:12:44] But the EPA came up with this MPG rating so that you could compare cars and how efficient they are. It’s not going to give you any information about how much it’s going to cost to run the car. It’s just looking at these different cars and coming up with an idea of how much how efficient they might be, how much electricity they’re going to use.

[00:13:06] So I’m looking right now at a chart. That’s comparing side-by-side. These Tesla models. So the model asks long range is rated at 120. MPG. So that’s miles per gallon electric. They have a really weird way of figuring this thing out. Let me tell you very strange. They’re trying to figure out well, what is the amount of energy available in one gallon of gasoline?

[00:13:38] And then once the electrical leak.  of that one gallon of gasoline, considering the gasoline goes from the tank out to the wheels versus an electric motor where it’s right there at the wheel running that electric motor, they are not necessarily right at the wheel. Sometimes there’s a drive train involved.

[00:13:57] Okay. So I don’t want to get too technical on it. The model ain’t. As long range plus is rated at 117. So it’s pretty good, but you can use that now. Number to compare electric cars. It’s not a comparison with a gasoline car, and it’s not really telling you how much it’s going to cost to drive because the EPA is using.

[00:14:20] Average costs of fuel across the United States is not what you are necessarily going to pay. All right. So you’ve got to pull all of that in. So very cool. Congratulations. If they really are getting 400, 500 miles on a charge, that’s wonderful, but I know the way I drive, I w I will go down. For instance, we drove to Florida, not too long ago.

[00:14:46] And the drive to Florida took a couple of days in my car and, we stop and fill it up. A fill up, takes about 10 minutes. My daughter was saying her model three they didn’t run the battery all the way down and they didn’t fill it up all the way. And it was about 20 minutes stops. Now this is in Europe.

[00:15:06] And in Europe, they have a lot of recharging stations and these recharging stations can provide a lot of electricity. You’re not just taking the car and plug it in into a wall socket. So when I’m driving down to Florida, I got, I have to stop at one of these rappers. But in charging stations in order to stand a chance of being able to get it to charge, but I’m going to a hotel.

[00:15:31] We stayed at a hotel at night that most of these hotels do not have the rapid charging stations at them. And if I’m lucky, I have some way to plug it in. I remember I was driving my Mercedes diesel. I was down in Connecticut and middle of winter. It was very cold out. And I couldn’t find this was a big brand named hotel.

[00:15:54] I could not find a place to plug my old Benzin because remember I have 19 Haiti, Mercedes-Benz diesel, and I knew that if I didn’t keep it plugged in, I’d never get it started the next day. So of course I wasn’t able to get it started the next day. And I had the hotel, they found a 200 foot extension cord for me and they ran it out of a conference room over the hill, down to my car.

[00:16:17] We plugged it in and got the engine warmed up. So we’re not as ready for it as they are over in Europe, but we have to start thinking about it. And one of the things that Tesla does is they charge you for pretty much every feature it’s not. What you might call a menu list of options. Yeah. There are some options that you can get on it.

[00:16:42] And one of them is the autonomous mode and Tesla has continually cranked up the cost of this autonomous mode. I think it was like two grand initially. And now it’s up to four or $5,000 for it. So the Tesla thinks while you will pay for it and we’ll get the money from you all at once. Of course there’s financing and stuff involved, but that’s a different part of the transaction.

[00:17:07] To me, it makes sense. Tesla is a company that he is sitting now a little cash, but they’re trying to be cash positive and they would rather have your money today for an option that isn’t even really available yet. Then wait and get the money from you later. So that’s, what’s Tesla’s strategy is on the opposite.

[00:17:29] End of that. Spectrum is Volkswagen. Of course the people’s car it’s been around for quite a while and it is made in Germany and they had a great meeting of their board very recently. And they’re looking at how do we charge for things like autonomous mode? What do we do? If you look at what the computer industry has been doing for a very long time, I remember this one, our IBM 360 back in the early seventies.

[00:18:00] And. If you needed an upgrade, this wasn’t just true of IBM. This is true of controlled data of everybody. If you wanted an upgrade, you want it to be faster or basic upgrades without rolling in more memory. Yeah. They used to roll it in on pallets to get another, a 64 K of memory. It was just crazy. Anyhow.

[00:18:24] If they were going to give you an upgrade. They would have a technician come in and effectively turn what we call affectionately in the industry. The golden key and digital equipment did the same thing. You could get a speed improvement by just having the technician come in and turn the golden key. In some cases it was actually located and it was a key hole right behind the main console on the front of the computer and other cases, it was a little bit of software that they.

[00:18:54] Installed and Volkswagen is saying maybe what we should do instead of yeah. What Tesla does and have an extremely expensive car that people can’t afford. Not everyone can afford, we’re talking 120 grand for that Tesla. I was just talking about it. The high end, maybe what we should do is give this golden key concept.

[00:19:13] I’ll run. So they’re saying maybe just like you would have an Uber driver drive you somewhere. Maybe the way to do this is charge you $8 and 50 cents per hour for you to use a Volkswagen’s fully autonomous mode. I think that’s a great idea personally, because you’re going to be driving the autonomous car yourself.

[00:19:40] When you’re in the city, most of the time, that’s where I’m driving. It’s just those trips to Florida. I’d love to have that autonomous mode stick

[00:19:48]Craig Peterson: Bitcoin has been around now for quite a while.

[00:19:53] I explained this week too, in my newsletter a little bit about what happens with Bitcoin. Oh, speak to the newsletter, make sure that you caught my newsletter this week. If you didn’t send me an email me@craigpeterson.com, I can send it to you. But I sent out that video. I’ve been promising of how. To block this Russian malware ransomware by installing the rushing keyboard.

[00:20:21] And it’s it’s online. In fact, it’s on my website. You can just find it@craigpeterson.com. If you don’t have the newsletter, it’s in there as well. But Bitcoin has been seized last year. There was this whole seizure of more than a billion dollars in Bitcoin. Yeah. A billion dollars. And again, wow. You can tie, you can’t find out who has what or where it is.

[00:20:50] You can’t. So you said, obviously that’s wrong. This billion dollars last year was seized from something called silk. Road. This was a dark net marketplace and they specialized in mail order narcotics. They had all kinds of different things that they were selling. Basically, if it was illegal and shippable or viewable online, you could get it on the silk road.

[00:21:17] It was really that simple. They arrested this Ross Albridge guy. He was called dread pirate Roberts. And this was when he was working at Glen park branch library in San Francisco. They did that, so he couldn’t shut down his computer. So they were able to maneuver some of the evidence that they found that allowed the FBI to seize 174,000 Bitcoins from him.

[00:21:43] It was worth about $105 million at the time. And they later sold the cryptocurrency at auction and he was sentenced to life in federal prison. Very big deal. And then now what we’re looking at is something a little bit different. We’re considering what happened with the colonial pipeline. And there have been some leaks, some people who are saying they’ve got some inside information, so we’ll be talking about that as well.

[00:22:11] But apparently what happened at colonial is the one of these international police organizations, probably one of these Interpol countries or Euro poll had been tracking some of the bad guys who had been running this ransomware operation. And while they were tracking them, they seized some information, apparently unbeknownst to the hacker, they seized information about the Bitcoin wallet that this hacker was using.

[00:22:48] Oh, a Bitcoin wallet is something that has a password on it. It keeps your Bitcoin account numbers and these huge. They’re not random numbers, but there are some random numbers for the passwords and your digital wallet number, but these huge numbers that are prime numbers that are used as part of the whole Bitcoin blockchain thing.

[00:23:11]Yeah. One of these international police organizations had the key to this guy’s wallet. So when dark side was paid that four and a half million dollar ransom, the FBI was able to track what wallet it was. Cause remember the whole idea behind Bitcoin and blockchain. Is that not that it’s secret. At all.

[00:23:37] In fact, there are hundreds of copies around the world about the transactions that are being conducted in Bitcoin. And that’s why you have to use some of these clearing houses. But just trying to keep this simple, these ledgers are everywhere. So the FBI was able to track the money. It apparently moved three times the day after colonial pipeline paid the ransom.

[00:24:02] And they were able to see which wallets it went into as it was moving around. And then when it ended up in a wallet that they knew about, and in fact even had the password for, they were able to grab that money. And that’s exactly what they did. So again the bad guys, aren’t the smartest cookies out there.

[00:24:25] And apparently the other thing the FBI has been doing is watching the transactions when people are converting Bitcoin. Into hard currency, like us dollars or euros, whatever it is. So they’re watching those transactions so they know, oh, okay. This wallet now took a half a Bitcoin out and converted it into cash.

[00:24:51] They’re tracking this. And so they know who had the cash, what bank that cash went into, because oftentimes it’s just your bank account number that’s associated with it. And so the cash goes right there into the bank account and the FBI knows it. So later on, if you use your wallet for some transaction, they know you use the wallet it’s in the ledgers that everybody that has part of that blockchain has access to.

[00:25:19] And they can now track you. So they’ve been a lot smarter about this when you are either converting your hard currency into one of these cryptocurrencies or you’re converting your cryptocurrency into hard currencies. So they have been doing that as well. And it was the FBI office in, I think it was San Francisco, Northern California that kind of figured this all out law enforcement.

[00:25:46] The FBI have been really. Really good about some of his stuff lately. So the assistant director of the FBI’s criminal investigative division, his name is Calvin shivers. Talked about an operation. They called Trojan shield at a press conference about a week ago in the Netherlands, in the hog. This is just amazing because what they were able to do is cry, criminals, encrypted communications.

[00:26:18] Now here’s what they did. They came up with some software that they called a nom. A N O M. And in order to use this Anom software, you had to get as special phone and that phone had their cell leader disabled to have the GPS disabled. And then you could run this Anom on your phone. And so the bad guys were just totally in love with this, because it’s everything that they’d want.

[00:26:50] It’s a coconut dagger thing. Oh, I’ve got to get one of these special phones where cellular is turned off. So I can’t be tracked by cellular GPS turned off. So I can’t be tracked by GPS and run this special Anom software. And they were able to trick the bad guys into recommending this software to their friends.

[00:27:13] Guess what? It was software that the FBI had. They use it as a honeypot and they worked with a global network of different law enforcement agencies and they monitored every message written, every image, video that was sent across the service. So they decided, okay, we’re going to do this the swoop now.

[00:27:38] And it’s crazy because they knew everything that was going on. And the bad guys thought they had no idea. This is the large scale series of police operations, 16 countries, more than. 800 arrests, the seizure of more than eight tons of cocaine, 22 tons of cannabis and cannabis resin, two tons of synthetic drugs, six tons of synthetic drug precursors, 250 firearms.

[00:28:08] 55 luxury vehicles over $48 million in various worldwide currencies. And cryptocurrencies says zero pole. Wow. Hey, this is amazing led by Australian federal police and the FBI, as well as the Dutch national police and sweetest Swedish police. Absolutely amazing. Hey, you bad guys out there pay attention because the law enforcement may have been behind, but boy, are they catching up?

[00:28:40] They’re going to get all of these scoffed laws.

[00:28:42]There are some amazing things, out there that’s happening with self-driving cars.

[00:28:47] I am so excited about it. The future holds we’re not that many years off considering what is it now? 140 years really since the automobile hit the road. And what’s really funny is some of those very. First automobiles were electric. I was looking at some pictures this week of a show where they had all of these old vehicles.

[00:29:12] Like some of them, they called ancient and they initially looked like just a regular carriage minus the horse. And frankly, that’s probably what they were a number of these companies are making them use to make carriages. And so they look funny and they had in them batteries. Lead acid batteries.

[00:29:33] So you’d charge these things out. They probably take you a few miles before the batteries ran out. They didn’t go very fast. The first one was, I think it was like one in a quarter horsepower on the electric motor that was driving the vehicle. But that is pretty darn cool. Of course. It fell off of favor because it’s so much more efficient and effective to just burn more fuel.

[00:29:59] And one of the very first engines ever made was a diesel engine, and they’re just amazing technology fast forward to today. And we’re going. Back to that. There are some real advantages to electric vehicles. Hey, you’re not really reducing anybody’s carbon footprint, but what you are doing is having a very clean vehicle going down the highway, that vehicle not considering as manufacturing.

[00:30:25] Not considering that they used coal or natural gas or even wood products to generate that electricity. All of that, aside that car going down the highway, it’s nice and quiet. It’s pretty darn safe. Tesla broke the testing equipment when they first were being tested for the crash impacts. And they’re also.

[00:30:49] Oh, very clean. I don’t mind following the electric car, Ryan. I’m not getting all those nasty odors. Did you get from like a Harley? That’s been detuned by somebody that fought that allowed motorcycle made them even cooler than they were before. Yeah. Yeah. I have opinions about those types of writers.

[00:31:07] Anyhow. We have a big announcement this week. In fact, two of them from Waymo, Waymo started as Google’s self-driving car project back in 2009, and then it was spun off. And that has had some amazing rounds of funding. They had a three and a quarter billion dollar fundraiser in 2020. Isn’t that amazing. So that was the first time Waymo had turned to investors beyond Google and the round was over subscribed.

[00:31:43] If you know what that means. And then in other words, it was very popular and there are number of. Big names that really backed what Waymo was doing and were part of that three and a quarter billion dollar fundraising. They include Andreason AutoNation Canada’s pension plan, fidelity, Magna Perry, crude Capitol, silver lake T Rowe price and others.

[00:32:09] It was just absolutely amazing. Now that was beyond the five and three quarters. Billion dollars raised from the two weeks journal round. Isn’t that? Isn’t that something? Just, they just announced this last week that they raised another. Two and a half billion dollars in the second external funding round, the Google’s parent company alphabet says that shows investors are patient when it comes to commercializing autonomous technology.

[00:32:40]What is happening with Waymo? Waymo still is using LIDAR, which is phenomenal technology. We’ve had the LIDAR people on my radio show before where we talked about what the tech was and LIDAR. Now they’ve. Got it down to the size of a hockey puck, but it’s different than what has been used by Tesla.

[00:33:02] Tesla’s using cameras, a lot of them on the cars, and then it has to process it, try and figure out what they’re seeing. And of course they have to be able to see it or in order to even process it. However, with LIDAR, you do have potentially cameras on the vehicle, but it’s using a radar. Basically, and these lasers to have a complete map of everything down to in some cases, millimeters, but most of the time it’s centimeters and resolution.

[00:33:34] So the car can see, they can dry everything out. That’s on the road. They know that’s a pedestrian or a cyclist or a car, et cetera. So it’s very cool. And I’m looking at a picture right now. That’s in the newsletter this week of. A truck. This is a Waymo truck. It’s one of their test vehicles looks like it’s a Peterbilt and they have the LIDAR on the truck as well.

[00:34:00] They’ve got two LIDAR units, typically on a car. You only have a single. I had our unit and they’re very expensive to, at least for now, we’ll see where this ends up going. So that’s all well and good, but what is absolutely going to put the nail in the coffin of many competitors, frankly, at least for these massive amounts of fundraising is the announcement with JB hunt.

[00:34:24] If you’ve driven on our highways, you have seen trucks and trailers with the JB hunt logo on them. These guys haul cargo and a lot of it here in the United state and Waymo nouns that it’s working with this trucking company, JB hunt to autonomously haul cargo loads in Texas. Now they’re not completely autonomous.

[00:34:51] We’ll get into that in a second, but these are the big Griggs. These are class eight trucks. They’re really quick with this whole autonomous driving software and the hardware systems, Waymo calls, there’s Waymo driver, and it’s going to be running on I 45 in Texas. If don’t know where that is.

[00:35:11] They’re going to be hauling cargo between Houston and Fort worth. That is going pretty much all the way up the state, at least up to the neck of the state, not including the panhandle of Texas all the way on down, to of course the Gulf coast. That’s where Houston is. So the trucks are going to have all of this new software they’re going to have.

[00:35:34] Also cameras on them so they can record exactly what’s happening. So that’s part of the hardware package and they’re going to have a train truck driver and Waymo technicians on board. And the idea is they’re going to supervise it. They’ll probably, log things as they’re going, Hey, this didn’t happen quite right.

[00:35:55] That didn’t happen quite right. And there we’ll be sending that information back to Waymo who will be making modified case into the software. So this is going to be an intuitive process, but Waymo has been testing these trucks in the Atlanta area since 2018. So that’s phenomenal. And what is really making this week’s news now?

[00:36:18] Announcement. Most noticeable is because they now have a partnership with a major truck operator, which is just phenomenal. So here is a statement from Craig Harper. He’s the chief sustainability. Officer over at JB hunt. This will be one of the first opportunities for JB hunt to receive data and feedback on customer freight, moved with a class, a tractor operating at this level of autonomy.

[00:36:48] While we believe there will be a need for highly skilled professional drivers. For many years to come. It is important for JB hunt as an industry leader, to be involved in early involved in the development of advanced autonomous technologies and driving systems. I know this is just amazing. This is in an article from arts Technica, because I think JB Hunter’s right about this.

[00:37:14] This is the future. Now how long will it be before these various autonomous vehicles are out there driving? How long will the truck drivers be able to have the types of jobs they’ve had for so long? I don’t know, obviously JB hunt doesn’t know whey Mo doesn’t know, but we’re suspecting that the first step here is going to be the long haul portion of the truck’s journey is going to be autonomous.

[00:37:45] So you’re going to be able to be driving down major freeways here in the us. And there will be truck after truck driving pretty darn close together, which is gonna make it tough for you on a two lane road to to pass them and going between them. Although they will make some space, but they will make our roads much less jammed by traffic because all of these autonomous trucks.

[00:38:12] Are going to move in or whatever the speed limit is. They’re going to have minimal spacing between them, which is going to be really good as well. And they’re not going to be doing stupid things like pulling out in front of you that causes you to hit the brakes. And when people hit the brakes, it causes the traffic jams, which cause accidents, which cause more traffic jams.

[00:38:33] So they’re just going to stay in their lanes. They’re going to be going the speed limit and our roads are going to be safer just because of that. But that last mile and that first mile or aware of things in me, different. So you’re going to see staging areas, what we have in so many parts of the country where you are carpooling into a big city.

[00:38:55] So the truck will have a regular driver. Who’s a short haul driver now and is going to drive that truck up to the staging area. Maybe he’ll drop. The load, maybe he’ll get out of the truck and take your Uber back to the the next assignment. And then that truck is going to get out on the highway.

[00:39:15] Obviously it needs to be inspected. And so there’ll be inspection safety lists, and ultimately that’ll be done by robots as well. And then the truck gets on the highway down. It goes. And it gets to its destination area again, the last mile, which might not be a mile, it might be 10, 20, 30 miles. Depends on how dense the population area is.

[00:39:38] And that’s one of the interesting things about Houston. There’s a lot of people in Houston and also frankly, in Fort worth more in Dallas, but in Fort worth as well. So that driver will then pick up. The truck right there outside Houston and we’ll drive at that last mile to deliver their load to wherever it might be.

[00:39:59] This is going to be incredible when it actually happens is going to cut down the costs of driving on the highways. Taking all of our supplies that way, I’m a big fan of rail. I think rail makes a lot of sense, certainly for the route from Fort worth down to Houston. Cause there’s already major rail lines, but we subsidized trucking so heavily here in the U S with our roads that I don’t know that they’ll ever come back.


[00:40:27]This whole cyber warfare thing has been really something, frankly, we are in a war and I’ve said that before it’s a cold war.

[00:40:36] Hopefully it will never become a hot war, but we are being attacked like crazy now. We have attacked other people as well in the cyber realm. We certainly attacked Iran along with Israel, the two of us working together, and we’ve probably been involved in some other things. There’s one or two attacks that happened in Russia.

[00:40:59] That were probably us, but we never really took credit for unlike the Uranian attack. We are being attacked by criminals and by government. So it includes governments like North Korea that really are attacking to get hard currency. It is one of the major ways they generate money in North Korea is by attacking either people and then not holding things rant.

[00:41:27] Doing various other things. They get the Sony breach, which was just absolutely amazing. And they hold it over your head. What are we going to do about it though? That’s a big question. We all know we’re constantly under attack and I’m going to by way of full disclosure here mentioned that I am working on something right along these lines for the small business and home user, but primarily the small business, very small business.

[00:41:55] 10 people or more, but let’s talk about what I think the answer is. And of course, I think it’s the answer. So that’s what I’m going to do. But th these cyber attacks are constant. They’re everything from annoying to devastating. I look at the logs on our machines and our clients’ machines, and we’re seeing hundreds of attacks, sometimes hundreds of attacks a minute.

[00:42:17] It’s just insane. And these devastating attacks down. Parts of our infrastructure are really big deal. So what does president Biden do this week? When he’s meeting with president Putin, president Biden gives him a list of what we consider to be our critical infrastructure. Yeah. Yeah. He said don’t attack these please.

[00:42:41] Now of course, what’s he going to do? He’s going to attack those because they are a part of the critical infrastructure. Thank you, president Biden for giving me Mr. Putin, president Putin, a list of targets. I should go after. I I think that was just absolutely ridiculous, but he also seems to have been drawing a line in the sand, right?

[00:43:02] This red line. President Obama did that before and he kept shifting the line and president Obama, wasn’t the first president to shift the line, but our message to Russia is not clear. There’s nothing behind it. And it’s bended knee time. And the same, thing’s true with China because they’re coming after us.

[00:43:21] They know so many of our military secrets look at their latest jets. Look at their ships. They are based on us designs. Engines on them are based on us designed because bottom line, we are not secure. So let’s get into this. What have we been using for our cybersecurity? And the answer to that is for decades, what we call.

[00:43:50] A signature analysis. So basically think about the SARS cov two virus SARS. COVID two hit us and hit us fairly hard. No question about it. People died and that’s not a good thing, but it did hit us pretty hard. Why did people. Why did we need to have some sort of a shot in order to help protect us from the SARS cov two?

[00:44:18]The answer is we did not have natural immunity. Now you could argue about the shots, right? But we didn’t have natural immunity. If you’ve had a specific virus. The odds are very good that you have T cells, the T cells remember the old viruses that have attacked us in the past, and we can quickly Mount a defense.

[00:44:41] So those T-cells recognize it and say, okay, I know how to deal with this. This is a bad thing. It’s got this Corona head on it and it’s all. Yeah, this is SARS cov two. So it then starts to generate the right antibodies and off we go. That’s what we have been using for decades. Now, these rules based systems, and they’ve been applied in cybersecurity to detect malware signatures.

[00:45:10] You got a virus. They would look at that virus. They’d find strings inside. No, but the strings could be, that could be a name, that’s certainly happened before. It could just be instructions that are part of it, but some sort of a signature. Sometimes you can just check some something and then compare that check some as a signature against known malware that’s out there.

[00:45:34] That’s what your Norton does. That’s what your McAfee does. That’s what pretty much all of the antivirus software. Dies. And frankly, that’s also what we see happening with our firewalls that we’re using and all of the security equipment. It’s very basic. Those signatures are designed to look for known insider threat pattern.

[00:46:00] So they look and they say, oh, okay, I’ve seen this before. I know how to respond to it. I’m going to cut it off. Hopefully that’s at the firewall. Most of the time, we’re not running next generation firewalls. So the firewall doesn’t detect it. It gets onto the network gets onto a computer and hopefully the computer recognizes it.

[00:46:20] But the problem there is the one word known it’s looking for known insider threat patterns. That’s a real problem because what we’re seeing now are unknown threats. The unknown, insider threat, someone who is working for you and is trying to exfiltrate some of your data. Maybe it’s a salesperson who’s thinking about leaving and wants all your client list.

[00:46:48] Maybe it’s an engineer, man. Would have we seen that before? Just ask Tesla or many of these other big companies about it, someone sinking to leaving. So they might as all put a few things in their pocket, besides the pencil on the way out the door. Those are insider threats. How do you recognize them? And I’ve been working on that for years.

[00:47:09] I had a product that would look at all of the access to a file server, a windows file server, and would try and do some comparisons on it. And you know what, it did a half decent job, but that was years ago. I again, was looking for known patterns. So in other words, how they’re pulling out data and they’re not supposed to, why is that sales guy into the payroll?

[00:47:34] Those sorts of things. We need to move into AI, artificial intelligence, machine learning, whatever you might want to call it. We’re not talking about Skynet here. We’re talking about something that’s really rather basic, just some form of an AI that looks for patterns. And that’s what I’m working on right now at the low end, because we’ve got some of these, the very high end, but AI has the ability to do some self-love.

[00:48:03] And that’s the big deal. They can learn more about malicious activity, about patterns that they’re seeing. These insider threat patterns, external threat patterns, and these AI methods now can even learn based on data that could already have the threat activity. In it and it learns from that. And then it is it out to others.

[00:48:28] That’s part of the reason we use the high end Cisco stuff for our clients that want real security because it learns, it, figures it out and it shares it with thousands of other of these high end, Cisco firepower firewalls with all of the other software that’s in behind. This is a very big deal because AI can synthesize the difference between normal router outages, for instance, or it’s a botnet attack.

[00:48:57] It’s an attack from a Russian. Who might be trying to do distributed denial of service, which has been way up in the last year. So in, in this cyber cold war, we really have to assume that our defenses have been breached and our adversaries are already in our systems. The great article here, I just quoted that from dark reading, by Nancy Grady.

[00:49:23] She’s the chief data scientist and solution architect. But here’s the real big. She’s a data scientist. That’s where it’s moving. That’s why I’m putting together the software using other people’s software. So these, this, for instance, advanced malware protection stuff, information that’s coming out of an active directory server and feeding it into an artificial intelligence engine that I have already done some training on, and then have it look for things that I think is where we need to.

[00:49:59] We have to search for unknown patterns of malicious activity. Artificial intelligence really is the arms race. And China has said that by 2030, it will be the world leader in artificial intelligence. Remember Google you’ve heard of them. Alphabet, which is the parent company to Google decided it would move its artificial intelligence lab to China.

[00:50:22] Thanks, Google for giving away all of our advantage in the AI. Absolutely where we will end up with this cold war. Arms race is having artificial intelligence, trying to defend against artificial intelligence, trying to attack. Now, it’s really interesting looking at how AI has been used in other fields.

[00:50:44]And in fact, w they’ve had AI generating fakes and AI trying to detect the fake. So going back and forth, improving both of them will survive. But right now we have to change our approach and change it in a very big way because our resiliency in our businesses and as individuals, we can’t you, this is a costly option anymore.

[00:51:09] We can view this as just a mathematical equation. Hey, it’s cheaper to pay the fines than it is to keep our data safe. We have to make it apart in a central part of doing business.

[00:51:22]There are some really interesting bills that are trying to pass through Congress right now that are designed to help protect us. And it’s interesting because we’re seeing these brick and mortar retailers, including home Depot, Walgreens, JC penny would support these bills versus the online retailers like Amazon.

[00:51:46] At C E eBay Poshmark and others who are arguing that this new legislation is going to hurt small sellers, particularly home sellers, great article from ours, technical by Tim to chant this week. And I’ve got it in my newsletter. So I’ll make sure you double check the news. But these bills have come out now as brick and mortar retailers have lost ground to online retailers through the lockdown in 2020, 20% of consumer retail purchases were made online.

[00:52:22] Compared with 14% in 2019, but the legislation is also being proposed in response to this slew of counterfeit stolen and dangerous items that have shown up on these various online retailer websites. Now we know that there are problems with some of these. For instance, there are all kinds of fake reviews.

[00:52:48] And a while back, I talked about them here on the show, what you can do in order to tell if it’s a fake review or not, you can just do a search for Craig Peterson, fake Amazon reviews, and you can listen to that segment that I did. It is usually not that hard to tell, but that’s how we’re valuing things.

[00:53:10]We go online. We’re trying to evaluate most of the time when you’re looking to get something you’re not looking for all of these things that you want. Yeah. Yeah. Okay. There’s that. But you’re primarily looking to eliminate things. So you can I’ll kill that one. It’s not going to work for me. That was not gonna work for him.

[00:53:28] That was my coworker. Okay, good. So I only have this one thing left, so you’re not really having to make a decision that when you go to Amazon, people are looking at that rating. How many people have rated it and how high is the rating? And you’ll probably read a few of the reviews and Amazon will usually mix in some lower star reviews.

[00:53:52] Just to make it seem a little bit more legitimate, but many of these vendors are doing some frankly unethical things. For instance, they will go and say in your product when they’re shipped to you, if you go ahead and give us a review and send us a copy of the review, we will. Shippy another one or the next one we’ll give you a discount on or a lot of different things.

[00:54:16] And so people are incentivized to give reviews, which I guess isn’t bad, but unfortunately, a lot of people are, have been incentivized to give bad reviews because. Even companies out there that you can hire to have people do reviews. So one of the ways to tell if a review is fake is read some of those reviews.

[00:54:37] Let’s say that the review was for some I lash mascara or something. Okay. So it’s for mascara and you’re reading the reviews and it says yeah, this supports far more weight than I thought it would, or, yeah. Th this has been running really well for me. Do those sound like they’re talking about mascara or something out because oftentimes these fake reviews are just generic ones that have they’ve hired people to go ahead and post them online.

[00:55:08] When we’re talking about these bills, though, where we’re really worried about is, or who is really the second. If you buy something from Amazon, you may not actually be buying it from Amazon. Amazon’s become much more clear lately. If you look at something you can see it’s actually shipped from company X or Y whatever it might be.

[00:55:35] And it’s not really well, maybe it’s shipped by Amazon, but it’s provided by company X and the way Amazon’s business model generally works is. You have a product that you want Amazon to sell. So you ship a certain amount of that product to Amazon. And usually Amazon dictate how many they want to have on hand.

[00:55:56] And now it’s an Amazon’s warehouses and that way they can ship it out in a day or two, depending on the product, et cetera, et cetera, they don’t want to have unavailable. So that is handy for you, but it’s coming in an Amazon box. It’s coming from an Amazon web or not website but from an Amazon delivery center and warehouse.

[00:56:21] But if that product is counterfeit, if it hadn’t been stolen, if there are dangerous items in it, we’ve seen that again. And again. I remember I did a television segment. These are cases that people were buying for their phones, the glitter cases, and how the fluid that the glitter was suspended. And, so you can turn it around and the glitter moves around.

[00:56:43] Isn’t that cool. That fluid was actually burning people. If it leaked out. That’s how bad it was. So who do you Sue? Who do you go after? If you need to recover the damages we get, you had to go and see the dermatologist maybe even had to have a skin graph just because you bought online from Amazon, who seems to be a reputable retailer online.

[00:57:09] And they certainly are just cause you bought a case for you. Many people have found out while it isn’t Amazon and Amazon says they have no liability. Now here’s the second part of this problem that anonymity. Provides cover for all kinds of fraudsters and criminals. It’s really not uncommon to find uncommon, to find counterfeit and potential harmful things on these various online retailer sites.

[00:57:39] Back in 2018, the government accountability office ordered 47 items, including shoes. Travel mugs cosmetics phone charges from third party sellers on quote, popular consumer websites. So of the 47 20 of them were counterfeit. That’s almost half that’s what? 40% ish. That’s crazy. They were counterfeit even non counterfeit items that are bought from these third-party sellers.

[00:58:09] Through these big websites have been implicated in consumer. Again, 2018 and 19 month old in Texas was injured after ingesting a battery that fell out of a loose battery compartment in the third party, apple TV remote. So the parents in that case in Texas, asked Amazon to stop selling this product that was obviously defective and requested the contact information for the seller.

[00:58:36] Somebody named who’s EG. Who ran the Amazon store USA shopping 76 93. So that’s the guy that actually sold the remode Amazon stock did in the warehouse, shipped it when the people paid Amazon. Hugely. Never responded. And Amazon said that they were never able to locate that person. So the parents sued Amazon in Texas state court, arguing the retailers liable for the dual factor product.

[00:59:07] Amazon. The other hand says, Hey, I’m just a middleman. I have no liability. That’s the argument. And that’s why we’ve got these brick and mortar retailers push. Back for changes. So consumer product laws, those, they hold businesses liable for injuries. If the stores don’t take the sufficient measures to help keep these defective products from reaching consumers online, marketplaces have not had those types of rules in place.

[00:59:37] And they say we don’t control third-party resellers. So we’ll see what happens. We have a couple of different groups out there, some fighting against the bill. Some fighting for them. Keep an eye on this. You might want to contact your Congress critter and let them know. How will you feel about this?

[00:59:55] Because it is a problem. Absolutely problematic. No fewer, by the way than 17 states have proposed legislation about this

[01:00:05]let’s talk about trick bot and this investigation, because it has now revealed the details of a massive crime organization. And when we think of these I often think of Tony soprano.

[01:00:20] Where you’ve got this one guy or gal as the head of the whole thing, and it’s a mafia organization and you’ve got your lieutenants and everybody else in place. It’s well organized and you know who you can trust and who you can’t trust. And you bring in people slowly. That apparently is not how trick bot ran and is narrow.

[01:00:46] As we can tell, not how most of these criminal cyber crime operations actually work. It turned out that nearly a score of cybercriminals. This is from dark reading, allegedly worked together to create this trick bot mouse. And they were able to get it on computers and effected more than a million users.

[01:01:13] Now this is from an indictment that was just unsealed. This group that was behind it. It is fascinating, absolutely fascinating. They were able to infect this million systems in nearly a dozen countries, but how do you do that? Normally you use a zero day attack when we’ve talked about those before you might also be using an old attack that should be patched already, but people haven’t bothered.

[01:01:41] Patching. But that’s conceptual. When you get right down to it, you’ve got to have malware expert. You’ve got to have software developers, you got to have technical support people. You’ve got to have your money mules that can take the money and clean it up for you. That’s called that’s modern money laundering and they’ve got to have other people involved in all of it.

[01:02:06] And that’s what this indictment against one developer said, this guy is a Latvian national, all a witty, I assume it’s a guy, but a national from Latvia. And he’s charged with being a developer with this group. That’s fascinating because the indictment shows this, the sprawling, frankly. Ad hoc organization that expanded its operations to include 20 different people.

[01:02:42] And probably more think about that for a minute. This is not Tony soprano. These groups need to move and move fast. So it looks like what’s been happening is someone has a bright idea of let’s use the zero day attack and let’s go make some. But how you do that because you need all of these people.

[01:03:03] I just described. How do you make it all work for you? Cause the group gave programming problems to potential developers. They discussed, which programmers suited their needs and used a variety of crime services to improve their operations. That’s how they work. Can you believe it? It was just absolutely amazing.

[01:03:23] Apparently they could not find enough developers internally. So that’s where they went over to Russia and Latvia and some of these other countries to try and find people and they would ask them these kinds of leading questions to see how they felt about being involved in cyber crime. And what’s fascinating to me is a lot of these guys obviously had no problem with it.

[01:03:48] Now, some of them might not have known, they might have had a task to do this, make an installer for us, a basic task, or even make this software. Yeah. Easily find it on the computer. Guess what that’s exactly what some of this antivirus software does it hides itself so that it makes it harder to find.

[01:04:09] So there’s legitimate reasons for all of the different parts of what this malware does. No question about that. This here’s a quote from this guy at Malwarebytes, his name’s Adam Quad-A. And he’s a director of the labs over there, Malwarebytes. He says, there is the group that compiles them out where then they pass it to the group that encrypts a malware, and then they pass it to the person who distributes the malware.

[01:04:40] The fact that these folks were reaching out via Russian job sites for developers means that their operation grew too large for the talent pool of the cyber crime world. Isn’t that something. So not only are we having trouble in the U S hiring people, they’re having trouble overseas as well. Now the operators of this trick bought malware, had some serious success and they got the attention.

[01:05:10] You, you can’t do it. Yeah. In fact, a million computers in a dozen countries and not get attention. And so that us investigators were able to gain access to communications between a lot of the people behind the operation. Does that sound familiar? The FBI and others have been doing that successfully. And we talked earlier in the show about some ways they’ve been doing that.

[01:05:35] So they had some of these communications, they knew what was happening and they were able to combine the government agencies and industry to crack down on it. Now you’ve heard me talk about the FBI’s InfraGuard program. And I’m a proud member of InfraGuard. I was involved with Intercar. InfraGuard pretty seriously for quite a while.

[01:05:59] I ran all of the webinars, all of the training stuff for a couple of years. And so I know those guys, this is. InfraGuard is about, it’s about knowing what’s going on out there, knowing what to defend against. It’s not just computers, by the way. In fact, it’s mostly not computers which annoys me, but it goes everything from terrorists, for physical security, all the way through various healthcare warnings and things that are going on to protect every part of our infrastructure, even lawyers are allowed to get into this law firms.

[01:06:34] Okay. But the whole idea behind InfraGuard is to get the government and industry working together. It’s been around a long time. And I only found out about it myself within the last, I don’t know, five or 10 years, but combined the government and industry were able to take down this malware group in October.

[01:06:57] This is absolutely amazing because the operators were able to recover really quickly as well. So there’s this indictment a little bit redacted, so we don’t know all of the details, but because they have. Access communications. They started to put the screws down on a couple of these people who were involved and the, by the way, two of these participants were talking about using a server based in the United States as a way to hide where they’re coming from.

[01:07:29] And I’ve talked about that before, how they can hop from machine to machine and make it look like it’s coming from someplace. It’s not, which makes me wonder about some of this Russian invasion as whether or not it’s really from Russia or perhaps it’s from China, just pretending. To be Russian isn’t that America just amazing.

[01:07:48] One of these guys in their email said, they should say, thank you to us that we are stealing money from the Americans. We should get the medal of valor, just chest. Absolutely incredible. These people, I, we got to understand what I think what they’re doing in order to really be able to. Frankly.

[01:08:10] Okay. My by the way, it looks like we were able to recover money from these trick, bought guys so much for cryptocurrencies being absolutely safe for the bad guys.

[01:08:21]Again, I really appreciate you guys. And take a minute. If you would visit me online, Craig peterson.com.

[01:08:28] You’ll find all of my newsletters. Not the newsletters, but all of our podcasts, everything we’re doing every week up there, the newsletters, however, you will find the way to sign up there. And once you’re signed up for the newsletter, I’ll send you a few of my special report. You learn about passwords.

[01:08:46] Password managers the right way to handle it and which ones are available, which ones I recommend and a whole lot more. Plus you’ll get my newsletter in email every week. I don’t usually post them up on the website. Maybe I should. Anyhow, this is a story from Fox business. Daniella is Jenna surveys, Genevieve.

[01:09:07] Genevieve’s yeah, there you go. It’s probably hard to pronounce in English. This is really scary. Because it’s showing that the private login information belonging to tens of millions of people was compromised after malware infiltrated over 3.2 million windows based computers during a two year span.

[01:09:34] Are you kidding? 3.2 million Windows-based computers over two years span. What are people doing with their windows computers? Or maybe the better question is what are they not doing with their windows computers? Or they’re not applying the patches what’s going on here? How can you have something like that happen?

[01:09:56] That should never happen. But it did. So there’s a report out by Nord lock. That a custom Trojan type malware infiltrated the computers between 2018 and 2020 and stole 1.2 terabyte of personal information. So as a result, these hackers were able to get their hands on nearly 26 million log-in credentials, including emails, usernames, and passwords from almost a million websites, according to this absolutely crazy, isn’t it?

[01:10:36] So the targeted websites include major companies like Amazon, Walmart, eBay, Facebook, Twitter, apple, Dropbox, and LinkedIn. You’ve heard of all of them. This is why I really stress everybody. You need to go to have I been poned.com. This is a free website. Have I been poned spelled P w N E D. Have I been poned.com.

[01:11:02] Check your email address. Now you can even put in your phone number and see if your personal information has been stolen. Now, if you’ve had an email address for any period of time, and if you’ve used it in the online world, I can pretty much guarantee it is out there. So double check, because what that’s going to do now is let you know which passwords you’re going to have to change.

[01:11:31] So if you had a user account at a site that was hacked and they did steal your personal information, obviously you can’t get a new social security number. They will not give you one, but you can change your password because so many of these breaches nowadays are using brute force technique. So they’ll look up these massive databases of all of the stolen credentials.

[01:11:57] And then they will try these email addresses along with the stolen passwords to see if they can get in. Okay. Now here’s the software. This is particularly interesting. Many of us say I use, I’m not going to really say it. I use a windows cracking tool. Or, oh yeah, I don’t have to pay for the Adobe software because I’ve got this cracking tool and yeah.

[01:12:23] Same thing with these games I’m playing. Yeah. They’re all cracked. Okay. Guess what? That illegal well software, which included a pirated version of Adobe Photoshop, 2018 there’s windows cracking tool and several cracked games had within it. This malware. So in order to steal the personal information, this malware was reported is reported to be able to take screenshots of a person’s information and also their photograph.

[01:12:54] Okay. If the device had a webcam and among the stolen database, where two brilliant, 2 billion browser cookies and 6.6 million files. Now with those browser cookies that they’ve stolen, they can. Effectively log into websites because a lot of websites will set a cookie saying, yeah, this is a legitimate session.

[01:13:18] So all they have to do is use that cookie it’s that easy, it’s that easy. And so 2 billion browser cookies, 6.6 million files, including a million images. I wonder what some of those images were and more than 650,000 word and PDF files. All right. So even if they don’t try and use the cookies to log into a website, they can use them to figure out the habits of people because the cookies are associated with a particular URL.

[01:13:48] So they know where you go online. They know that you use bank of America or whatever bank it is you’re using. And now they can use that for fishing. Okay, this is just crazy. Don’t use pirated slash cracked software. It’s bad enough to use it software. Okay. Making up the bulk of the stolen database got into Fox business was 3 million text files, 900,000 image files and 600,000 plus word files.

[01:14:23] Some people, by the way, this is a, I just had a question about it this week from a listener saying, Hey, listen. And I put all of my password and then encrypted Excel spreadsheet. Is that okay? According to node or Nord locker, they said that the most concerning thing was that they found people even use notepad to keep their passwords personal notes and other sensitive information.

[01:14:49] So when we’re talking. 3 million text files. Some of those text files had people’s social security, numbers, names, bank, account numbers, passwords, everything. And I know some of you guys are saying, yeah, that’s me. Maybe I’m like my man, I’m in trouble now. Yeah, you are sign up for my newsletter.

[01:15:10] Now, and I’m going to send you this report. It’s about 10 pages long. It goes through some details you can skim over and also tells you what I recommend and how to. Okay, so you got to do it. Craig peterson.com. That’s Peterson, S O n.com. And you’ll see right there on any page. In fact, if you scroll up or down a bit, you’ll see a sign up for my newsletter, or you can go straight to Greg peterson.com/subscribe and also.

[01:15:43] Make sure you go to have a been poned.com. That’s have I been B E N P w N E d.com. Now, if you missed any of that, you can just email me@craigpeterson.com. That might be easier to remember. And remember, my wife had a horrible accident and my emergency surgery, and so I’m helping to take care of her so much.

[01:16:08] Normal a little bit delayed responses have been very delayed for about the last month and probably will be for another month or so. So keep that in mind, but you can email me emmy@craigpeterson.com and ask me any questions that you might have be glad to answer. And give you those URLs as well, but just go to Craig peterson.com, sign up for the newsletter.

[01:16:30] And then when you get the newsletter, you can just hit reply and it will go to me. So you can always ask a question that way to Craig peterson.com/subscribe. Now we’re going to finish the show off with something else that is eyeopening. It was eye opening to me. It’s gotta be to you too. This is again from dark reading.

[01:16:52] This is a new study by Symantec and they found in looking at iOS and Android apps that were released on apple and Google’s app stores over the last five years that many of these apps are breaking. The protections that Google and apple have specified specifically breaking the encryption protection. If you go to a website like HDP ads, You by just doing HTTPS colon slash Craig peterson.com for instance.

[01:17:32]So going to my website, HTTPS colon slash Craig peterson.com. Do you realize that you have now set up a VPN between your computer and my cell? Yeah, you don’t need a VPN from one of these companies out there, which is actually going to make you less safe. You don’t need any of that at all.

[01:17:49] It’s going to go all of your traffic’s going to be encrypted back and forth. And the mobile apps are supposed to use the same type of encryption whenever they need to talk to a database or talk to one, one of those sources that the app might need, that’s out there on the web. And it turns out as they were looking at this un-encrypted traffic coming to, and from these apps that it’s transferring sensitive data that is completely open to interception and compromised by attackers.

[01:18:24] Now I know some of you guys just saying I would listen to the ad for the VPN software and it says it’s keeping my data. Probably nine. So I’m safe. Even if the app is sending it in the clear, no, you’re not. In fact, you are less safe. And if I did a webinar on this about a year ago, if you want a copy of it, I’ll be glad to drop one to your links.

[01:18:49] You can watch it, but it was like an hour long just explaining what’s happening and why and how and when it’s appropriate to use a VPN, none of these commercial VPNs, the G here advertise really, you shouldn’t be using those. So there’s other things you should be doing. Symantec reasoning recently analyzed hundreds of thousands of these things, and it showed that 7% of iOS apps and three and a half percent of Android apps intentionally break in the encryption requirements from the app store.

[01:19:27] It’s absolutely incredible. We’ll see what happens in the future. Apple is cracking down right now. More and more. Google has been doing some crackdowns as well, but apple has a tighter infrastructure. They can lock down a little better than Google can. All right, everybody. That’s it for today.

[01:19:48] Thanks for listening. Thanks for tuning in. Of course, you can find me online. Craig Peterson.com. Make sure you sign up for the newsletter. You’ll get some free, special reports along with that. And if you have any questions, email me me@craigpeterson.com.

Listen to this episode