11-year-old hacks election machines. MAGAF could kill us all. New dangers in satellite systems on TTWCP Radio Show- 2018-08-25

On This Episode…
Would you like to know about Black Hat and DEFCON? Listen in today as I explain to you some of the things that went on at these two Conferences.

MAGAF might be the end of us?  Yes.  Today I will tell you why we must be concerned about these companies and the people they employ.

Weaponizing Satellites? I will explain how it can and is happened and why.

Craig is putting up a new membership site (Yes, it is free, but you have to sign up)  On it will have all his special reports that he puts out and you will be the first to get them.

Related Articles
Share This Episode
For Questions, Call or Text:
855-385-5553

TRANSCRIPT

Below is a rush transcript of this segment, it might contain errors.

Airing date: 08/25/2018

11-year-old hacks election machines. MAGAF could kill us all. New dangers in satellite systems.

Craig Peterson: [00:00:01] Hi, Everybody. Craig Peterson here. We’ve got a ton going on as usual. You know the big conference out in Vegas gave us some real surprises, in fact, there’s some things that you can learn from it. We’ll talk about those DefCon and Black Hat Conferences. You’re not going to believe this. Let me tell you what an 11-year-old can do. This is kind of scary when you think about November this year, and going forward. Satellite systems, they can be hacked we’ve kind of known that for a long time, but have you ever heard about people being exposed to microwave signals, and what happens to them? Well, there’s a tie there. And, I really am going to have to do a little bit of a rant here, about our friends out in the Bay Area of California, these Silicon Valley developers just don’t understand what’s really going on. They may have their hippie ways, but they could destroy us very quickly if you have an internet at your house or on your phone. I’ve got a couple of tips on how to properly check your internet speed, and how to block and report spam calls and text messages.

[00:01:10] And, did you know Google they are recording your location even when you tell them not to. So, all of that and more, please stick around. We only got half an hour. So, here we go. Well, I’m going to have to start the show this week with a little bit of bad news again. If you have Wi-Fi enabled, and you have more than one hot spot and even if you don’t, even if you only have one, I’ve got to give you a bit of a word of warning. A huge, huge, huge, issue with Wi-Fi, yet again. Check your e-mail from me this week, I’ll be sending something out. It’s also up on my Web site. You’ve got to turn off some specific protocols. It gets kind of complicated, but you’ll find it here on my Web site. And, in this week’s newsletter Craig Peterson dot com. So we’ll leave it at that. Now, we’ll get back into our regular show for today. Well, I definitely have to get that data, don’t I?

[00:02:14] It’s over 20 years now, and I don’t do as many interviews as I used to. Well, actually I do do a ton of interviews but they’re not on the radio anymore. I do a lot of stuff over on the web, on our side. You know I do stuff with the FBI Infraguard program and, in fact, I’m doing at least a webinar a week so, I haven’t had any complaints. I think most people are pretty darn happy with what’s been happening here with the show I get lots of great comments from people thanking me for it. So, we’ll we’ll leave it at that. But, I do have to change that, although I’m updating a few things, as you’ve noticed. And, we’re back up to about almost a full half hour. It’s really great. Here we are. We are running solid through our whole time since we got to cut back a little bit. Which is nice because I’m just so busy, as it were. All right today. Wow. More security stuff if you listen to my podcast. Craig Peterson dot com slash iTunes. You saw some major things this week. We were talking about Black Hat all week and what they can do with our voicemail, of course.

[00:03:24] We talked a little bit about that, on this show, last week, as well. So, if you want to find out about your voicemail how it can be hacked and, in fact, even how it ultimately will be hacked make sure you check out my podcast, again Craig Peterson dot com slash iTunes, you can see many of them up there. I think I’m close to a thousand weekly shows. How’s that for a long time. We’ve been doing it. The most recent few hundred of them are up there. Some of the oldest ones are lost, forever. I hate it when that happens. I had a backup but it turned out the backup was bad. It was bad. Has that happened to you before? So, I lost all kinds of show information, interviews, videos that I had done, and stuff. Now, C’est la vie, move on. Onward and upward. Better back up now that I test frequently, just like I do for my customers. You know I’ve always done it for my customers. You try and restore machines or restore files. Just make sure it works. But, somehow again it’s the poppers kids.

[00:04:29] I mean the cobbler’s kids that just don’t get the shoes. Hacked satellite systems, we’ve known about this for a long time, and satellites are all over the world, now. They’re just everywhere, in northern and southern latitudes, all the way on up. There geostationary satellites, there are satellites that are moving. Typically the geostationary ones are the ones that we’re using for data communications and things. But, here’s the bottom line. A lot of these satellites are used by my daughter and by my son when they’re at sea. Now, you know I have a daughter who was in the Merchant Marine. In fact, she still is in the merchant marine, right now. She is doing some autonomous ship development work for a company out in Norway. But when they’re at sea they use, kind of like cell phones, but their satellite phones you might have seen that if you’re a fan of Deadliest Catch, you probably saw Sig Hansen on there he was trying to call another ship to find out, because there are rumors that their emergency beacon had gone off and that little phone that he had, that was a satellite phone. And they’re getting simpler, they are getting smaller all of the time and the reason for some of that is that the satellites that we’re using for the satellite phone calls are getting closer and closer to Earth. There was a license that came out about five years ago, I think it was and they started flying their first satellites, just last year.

[00:06:03] That’s designed to be able to give high-speed Internet and voice to anyone, basically in North America. That’s what it’s aimed at, but ultimately worldwide, which is really cool. Well, those satellites are close enough to us, that in certain conditions, you could have what is now being called, a hybrid cyber-physical attack. Here’s what would happen. This is according to research presented at Black Hat, last week here in Las Vegas, a couple actually two weeks ago, in Las Vegas. But one of these guys is saying based on his study and based on his experience a number of very popular satellite communication systems are vulnerable to a hack. And, what will happen is that the control systems for the satellite are what are actually hacked, and it goes beyond just leaking information. Did you know that these satellites could potentially be used to microwave people on the ground? Think about what happened recently over in Cuba. We expanded or our presence over there, our ambassador, I think we have a full embassy over there now, and some of the workers were complaining about pains, headaches some of them lost some of their hearing, some of them lost all of their hearing, and that was probably due to a directed attack. We don’t really know who did the attack. It might have been sonic, but we’re not really sure.

[00:07:40] Well, think about what would happen, if somebody was out there who was controlling those satellites and aiming their beams at people and running them at high wattage.

[00:07:56] This is a guy named, Ruben Santa Marta, and he did some research that he presented back in 2014, and he said this is a quote “essentially the theoretical cases I developed four years ago are no longer theoretical”. So, they’re going to be able to use this type of technology connect to the satellite antenna from the ground through the Internet, and then using some security weaknesses in the software that operates the antenna. They’re going to be able to seize control of it. So, now the potential damage is going to vary. The very least they could disrupt, they could intercept, they could modify communications are passed through the antenna. So, they could for instance eavesdrop on the e-mails, sent through in-flight Wi-Fi, attempt to launch other hacking attacks against devices connected to the satellite network. That’s where my kids come in, because a lot of our vessels, Navy frankly, as well as merchant vessels, are connected to satellites for being able to share data. Now, there are higher risks still, and in some situations for instance in the case of the military, this attack is going to expose the location of this satellite antenna, for the ground equipment or the equipment on the ships that are out there. It could be really bad. Think of the Bond movie The World Is Not Enough, No, Tomorrow Never Dies where there mucking with GPS signals which are used for navigation by the Navy, by our cars right all over the place. Things start getting really bad, and then ultimately they could turn up the wattage on some of these satellite antennas and have them beam microwaves back to the ground.

[00:09:48] Theoretically, cooking equipment and maybe even people. So, not great news, on that front. Well, we’ve got another piece of news coming out of the conferences, here just a couple of weeks ago out in Las Vegas Nevada. This particular one has to do with some of the Games they play over at Def Con which is kind of a defense conference and some of the games are as simple and fun as “Spot the Fed”, right. Who in the audience is the Fed, and who’s not the Fed, out there? But, one of the things that they’ve been doing, that’s been getting more and more popular every year. They have what they call a voting village. Now, this village is where the organizers are setting up decommissioned election equipment, and then they let hackers loose on it and they watch these hackers and see how they can hack in. So, they’re finding newer, creative, alarming ways to break in. Well, last year, the conference attendees found some new vulnerabilities for all 5 of the voting machines, and as a single e-poll book of registered voters, over the course of the weekend, was hacked into as well. So that caught the attention of senators, and they introduced some legislation and hopefully, it’ll be good, right. Who knows? They just don’t understand how this all works. But, this year’s voting bigger voting village was bigger.

[00:11:26] They had more equipment. They had voting machines that ranged from tabulators to smart card readers, equipment that’s all currently in use in the United States. Now, they had another little voting village. This is with the little one. This was a room set aside for kid hackers. An 11-year-old girl hacked a replica of Florida Secretary of State Web site. And she hacked it within ten minutes and changed the results. So, what that means potentially is, that if the people who are doing the national tabulations were not directly contacting a known person that the former secretary of state’s office. A known person using some form of two-factor authentication. You know like codewords or something. So, they pick up the phone, they call them, the proper code codewords or exchange bidirectionally. And then the Secretary of State of Florida says and here are the election results and gives them to them. So, if that’s not what happens. If what happens is they go to the Web site for the Secretary of State’s office, and they find the Hacking results, there. Well, now we’re talking about some really big trouble. Because if an 11-year-old kid can hack a replica of the Florida Secretary of State’s website within ten minutes. And, we are relying on Secretary of State’s Web sites to have the national results, tabulated. Wow. That is huge. Now, we heard this week as well, from our friends at Microsoft saying that they had discovered some Russian hackers who had put up fake Web sites. Websites that pretended to be Democrat and Republican Web sites, to try and again mislead people and create confusion.

[00:13:28] And all. We had Russian hackers attacking 2016, and now already we see them attacking 2018, and of course, they’re going to continue to do this. Now, I had this week, the CEO of Black Ops partners on a webinar I did for the FBI’s Infragard program and we talked about the hacking that’s going on. And, it’s even worse than any of us thought. And, there was information that he could not disclose even to the FBI InfraGard team. So, that tells you something here too. But, he’s telling us that the Chinese have been actively hacking us and the Chinese were talking about their military, the People’s Liberation Army, the communist Chinese military has been covering up their tracks. He said they are using plausible deniability in a very, very big way, versus the Russian hackers that don’t seem to really care, frankly, some of these Russian hacks, if you ask me may well be Chinese military hacks, disguised as coming from Russia. The Chinese are very, very, good at this. So, there’s been some pushback about this voting village, because it was just so notable, this year. And, one of the largest providers of election equipment in the U.S. sent an e-mail to its Customers, assuring them that while attendees will absolutely access some voting machines internal components physical security measures make it extremely unlikely that an unauthorized person with malicious intent could ever access a voting machine.

[00:15:15] Yeah, yeah. And, then we have the National Association of Secretaries of State quote “Our main concern with the approach taken by Def Con is it uses a pseudo-environment which no way replicates state election systems networks or physical security”. So, you know when we’re talking about distributing software, a lot of these systems are using thumb drives. Now, remember thumb drives have been hacked. In fact, brand new thumb drives have been shipped with viruses on them. So, you format the thumb drive. Again, there’s so many ways, I know ways that I could do, that would fake it enough, that the election systems could be hacked. Believe me, it’s very, very possible, even with people that pretty much know what they’re doing on the security front. This is this is very concerning to me. Many people say that you know, hey listen, it’s just crazy you can’t do this. But, here we go. Matt Blaze, he’s a veteran of elections security researcher who helped organize voting village said I think the statement was misguided. Talking about the statements from the various Secretaries of State organizations. “It’s only through scrutiny that we’re going to have confidence in the elections”. “That said, the fact that this system has vulnerabilities in it, even incredibly serious vulnerabilities, is not the same as saying any given election has been tampered with. There’s an interesting paradox.

[00:16:47] We know the systems are wildly insecure and there’s been precious little evidence of these vulnerabilities so, far being exploited in real elections. I think we’ve been very lucky and I think there’s been a little bit of a ticking time bomb here”. I absolutely agree with that. Unfortunately, our copyright laws have made it very difficult for researchers to legally acquire the voting equipment and mess with its software and test it. I think we need to have exceptions in the law for security researchers. And, there are some exceptions for certain security researchers under the Digital Millennium Copyright Act, the DCMA. But, I think it has to be a little better than it has been. All right we’re going to get into China, next. And the hippies in Silicon Valley. How were they threatening our security? The hippies, that is. Well, those darn hippies they’re back out in California. You remember me talking a few weeks ago about how Google had, well it started with just a few people saying we are not going to work on any projects involved with the Department of Defense. And, it ended up being what was, it like 3000 of these people saying, we will quit our jobs if you have anything to do with the Department of Defense. And we have seen this in a couple of other companies, before. Now, people are stepping back and thinking about what the actual consequences are. Google has a very big artificial intelligence program, underway, and if you use an Apple device there is machine learning behind it.

[00:18:42] If you’re using an Amazon Alexa, Google home, there’s machine learning behind it. Machine learning is kind of a subset of artificial intelligence. Artificial intelligence, AI, where machines are figuring stuff out for themselves, is on its way. Don’t, don’t get us wrong here. Well, these main companies and I’ve started calling them MAGAF kind of like Magaf with an F on the end. You know MAGA, President Trumps slogan, I’m using MAGAF to stand for Microsoft, Apple, Google, Amazon, and Facebook- MAGAF. So, now you know when I refer to that what I’m talking about. Well last month, some of these companies the biggest names in technology they officially signed a pledge promising to not develop lethal autonomous weapons. Now, I can see that as being a very good thing, right. In many, many ways. We had Google’s project maven, where employees said, We will not allow our technology, our work product to be used by the military. And some praise them for these initiatives, as ethical and moral victories, right. That’s the typical knee-jerk reaction. That’s the simple reaction. Who wants killer robots right? I thought Arnold Schwarzenegger demonstrated that to us quite nicely with Terminator. Who wants Skynet? Nobody. Well, I guess somebody does, but most people absolutely don’t. While a senior adviser to NATO by the name of Sandro Gatien has come out with some really great statements and I absolutely agree with him.

[00:20:35] Here’s a quote straight from him. This isn’t a NATO adviser “these naive hippie developers from Silicon Valley don’t understand. The CIA should force them to work on this development”. Now, he is also the founder of the digital society Institute at this Berlin-based business school called ESMT. But, he came up with some very critical device. And what’s really good about this is it’s bringing to light a schism, about the future development of artificial intelligence for military purposes. On the one side, you have people who believe the pursuing the development of military AI’S is going to lead to an unstoppable arms race, and frankly, I’m kind of on that side. On the other side, people like Gatien believe that the AI arms race has already begun and that Pearl Hibbett Dean AI research for military purposes will not lead to peace but will give the upper hand to authoritarian systems. Now, that’s a good point. So, he’s saying if the West wants to stay in the lead, if we want to survive, we need to unify around a concerted strategy. quote another quote from him “Within most military and intelligence organizations, it’s a real concern and it’s bound to be a much larger concern”. So, we’ve got machine learning tools that are being spread already amongst military devices and we have the Chinese. Now, according to Al Scandia, who’s an expert in Chinese military strategy, there is a strong belief that machine learning is going to provide an essential tool, in the Chinese building their military strategy far beyond ours.

[00:22:33] So, we’re talking about superiority across the entire electromagnetic spectrum. So, that means faster more insightful AI. It could enable one side to enhance communications, situational awareness other forces, disrupt degrade or deny the adversaries. Think about some of these things we’ve talked about before, where you have clouds of AI controlled, little things, like the about the size of a bee, that can swarm and kill someone. What would happen if the Chinese had this technology, and they decided to take out the President of the United States? Think about what just happened in Venezuela. Where a couple of drones flew close to their Presidente and blew themselves up. What would happen if one of these matters to land on the President and work its way around? And we’re seeing some of this AI type technology, already being used to try and break its way through firewalls, and other things. So, by having these hippies controlling some of the leading AI technologies, saying no, no, no, we’re not going to do it. And allowing now the Red Chinese communists, who are trying to develop their AI technology, for military purposes. How are we going to be able to defend ourselves? How will we be able to defend our allies? How will we be able to keep up our NATO commitments? We could very, very quickly, fall behind in this new arms race, and have these other countries like China particularly selling some of this technology.

[00:24:18] Think about that. If some of this AI technology gets into the hands of terrorists, and they use it against us in our large cities, etcetera. Think about what would happen there. All right, we’re not going to have time today to get into these other articles. But, I want to encourage you to go online. We’ve fixed all kinds of problems with the Web site at Craig Peterson dot com, right now or just straight has news on it things from the show, security news. We’re going to be enhancing that, we’ll be starting to post some of my webinars up there, and things. But, right now, we fixed the bugs we had. So, you can find the articles we just talked about online. Plus, the ones we didn’t get to today. So, how to properly check your internet speed. I’ve got articles there that are going to tell you all of the details of the different apps, and different Web sites you can go to. How accurate they are and in what ways are they accurate. And that includes for some of us, that have ISPs, you may be questioning are we getting what we’re paying for. And, by the way, maybe this is no surprise, but you using your ISP speed test may not be the best way. How to block and report spam calls and text messages. Things are getting worse. More than doubled since last year. Some really good hints and tips in there, including a couple of surprising ones.

[00:25:46] At least, there’s a price and the people I was talking to about them. So, you might find them surprising, as well. And Google. They are recording your location, even when you tell it not to and that’s for anything, including iOS devices. If you have Google software on them. So check it out online. Craig Peterson dot com. Lots of great articles up there. And, if you have any feedback, any questions, you can just e-mail me at Craig Peterson dot com or one of the simple things to do is just go ahead and text me. You can do that right now, if you’re at the gym or wherever. I love to get feedback! What do you like about the radio show? Tell me specifically, what did you like about today’s show? Just text me, 8 5 5 3 8 5 55 53. Any questions, any anything. 8 5 5 3 8 5 55 53. I hope you have a great week. Be safe, out there. Pay attention to what’s going on, and if you’re a business owner please, please, please, please, UP your security, and I can give you some great pointers on that. I have all kinds of special reports I can share with you. Again just text. Have a great day. We’ll be back Monday morning with Jack Heath, and of course, posting that on my Web site, and on iTunes, SoundCloud, Stitcher of everywhere and even tune-in. Take care. Bye-bye.

Malcare WordPress Security