Small business security and breaches. Why delete old apps and how. Worst cyber breaches of 2018: TTWCP Radio Show- 2018-07-21
Have you been hacked? If not you are lucky! Today, I will talk about how 2018 has turned out to be a banner year for cyber breaches.
Did you know that small business is under attack? I will tell you about why and some of the things I have uncovered.
A reminder: if you have not already replaced your router, you need to do so. The malware is still out there and it is still causing issues with the lower-end routers.
There was so much to cover this week — I barely got started and time was up — please read the related articles in this post to see what I thought was important this week.
Craig is putting up a new membership site (yes, it is free, but you have to sign up). It will have all the special reports that he puts out, and you will be the first to get them.
- On the 10th anniversary of the App store, it’s time to delete most of your apps
- The Worst Cybersecurity Breaches of 2018 So Far
- The SIM Hijackers
- A Real-Life Hacker Reveals What You Should Stop Doing Online
- How to Make Your Wifi Router as Secure as Possible
- New road signs can detect mobile phones are being used in vehicles
- Intelligence chief invokes 9/11 in warning of potentially crippling cyber attacks
- NYU Remains Silent on Professor Who Doxxed Ice Employees
- When a DNA Test Shatters Your Identity
Airing date: 07/21/2018
Craig Peterson: [00:00:00] Hey, everybody, welcome to Tech Talk with Craig Peterson today. You know it’s the 10th anniversary of the app store. Well, not today, but just towards the 10th anniversary of the app store. So we’re going to talk a little bit about apps today. Maybe it’s time to do a little bit of, well, it isn’t spring, either, but it may be some cleanup on your phone. We’ll talk about why you should do that. We’ve got the worst cyber security breaches so far of 2018. This professor, we’re going to talk a little bit about doxing, a New York University professor who is encouraging people to basically attack ICE agents. It’s crazy, isn’t it? Real-life hacker reveals what you should stop doing online. A DNA test: did you buy one of these, as Amazon Prime had them on special this week? We’re going to talk about it shattering your identity. There have been some interesting stories about this. New tech: new road signs that can detect mobile phones being used in vehicles.
[00:01:03] Now the Director of National Intelligence, Dan Coats, has a couple of words for us and I’ve got an article up on my site. If you have a Wi-Fi router, you know we’ve talked about this many times, but have you done what you should do? I know a lot of people haven’t because they haven’t been calling me asking them to help fix it.
[00:01:24] But, anyways how to make your Wi-Fi router as secure as possible. So here we go stick around. We’ve only got a half an hour
[00:01:38] On the front lines and ahead of the trends in business and consumer technology speaking with the top minds and creators behind the products and ideas that help to drive our everyday lives.
[00:01:48] Dean Kamen is joining us now. He’s the inventor of the Segway and the founder of US FIRST. Steve Forbes, I appreciate what you do with Forbes magazine for all these years, it’s one of my first go-to places. We’ll talk right now with the guys and gals behind Siri. We’re joined right now by the director of Kindle technology. We’re joined right now by the CEO of Ebates, Kevin Johnson. On air for more than 15 years.
[00:02:13] Over 20 million podcast downloads. This is Tech Talk with Craig Peterson.
[00:02:20] You know I keep talking about trying to change that intro. And I still haven’t done it, right. There’s just too many things on the plate. It’s kind of like the cobbler’s kids. Well, I picked up two new clients this week, two new security clients. These are both companies, and because of some serious security problems they have had. And, I’ve been working more closely with the FBI as you know because of a couple of things, one this whole InfraGard thing, and if you are involved with critical infrastructure, if you are responsible for security for business, physical as well as some of the security for your computers and other things, you might want to look at InfraGard, I-N-F-R-A-G-A-R-D dot org. This is an FBI to the private sector organization and they do a little, you know, kind of a background check on you and then they will sign you up and you can attend some of the local meetings held all over New England. There are some 80 chapters nationwide and you can be kept up to date and that’s kind of nice because you get briefings from the Secret Service, from the FBI, et cetera. And you also get to attend the webinars that I put on for the InfraGard members for the FBI. So, check that out as well. But I’ve been working with them on a couple of different cases. It’s really kind of interesting, the cases, but the latest one is just this week. Wow. We had talked with this company last week and the last, excuse me, last year, and the company, a small company.
[00:03:57] Right. That’s obviously what happens at all small companies, being really big targets. They were targeted and there was what’s called a whale attack against them, and they only found out because of some weird e-mails. Now, this has got to be a record here because I think the most recent clients we’ve picked up have all noticed a problem with their e-mail. Something weird is going on. So, we delved into this and it turns out that this company had been hacked, maybe. But in this case what had been happening is that they had the customer list which makes you think they’ve been hacked right. So, somebody has their customer list. They have their invoice format which also makes you think they’ve been hacked and they have their logo which of course you can get from their Web site, and they’ve been sending invoices to this company’s customers. Now, this is a really big deal because in those invoices they said OK ACH the funds to this account. Now for those who don’t know ACH is a way of sending money directly to a bank account or pulling money directly out of a bank account. We use it we use it to pay a couple of our providers and we use it for some of our customers to pay us. It’s really handy but, it’s also really actually rather dangerous because those guys have your bank account number. So, the bad guys were sending out invoices to the customers of this small business saying pay up and here’s where I want you to wire the money.
[00:05:41] Wow. And they did not hear about this from many of their customers. It’s absolutely crazy. It’s insane. So, we went in there. We reviewed everything that was happening and came up with a solution for them. We came up with a battle plan including tightening up all of their security, because they were running their own in-house e-mail server, which a lot of people do, and they did it because they wanted to be secure. They didn’t want someone hacking a third party service or you know, there’s so many ways that it could go wrong when you don’t have your hands on it, right. Well, it looks like it had been compromised. So, we’re cleaning that up, we’re giving them a much better system that is much more secure. We’re putting special clients on all of their machines, not just this normal anti-virus crap that doesn’t work. Boy, if you didn’t attend my last webinar, there’s some serious news out there about, like, McAfee, saying McAfee is the worst product in the world. Norton saying, yeah, you know, none of these products work, people. I keep getting called into business. They didn’t work. I got another one I’ve got to go to next week who has a major security problem, as well. So, it’s been a very interesting, interesting week this week as I’m seeing more and more small businesses getting hacked and having money taken out. So, I’m talking to the FBI agent out of the Boston field office and talking with him about what we’ve found and what’s going on and giving them account numbers and stuff and.
[00:07:21] He’s talking. He’s telling me about an indictment. I guess it just went out and about a company, very similar thing, and that bad guys got a half a million dollars from this small business. Five hundred thousand dollars. And, even though the FBI has indicted these people you can try and freeze bank accounts et cetera. But, the money’s already gone, and I think well I know I’ve told you guys this is quite a while ago but a story about how doxing works, and how this lady over in the former Soviet Union had to use some of this data that she doxxed. It’s an interesting story I should tell it again sometime. But, she was able to get almost 50 million dollars it was more than 45 million from this small-medium sized business, and it only takes 90 seconds for that money, once they have their hands on it. Once they have access to that account it only takes 90 seconds for it to be out of reach of U.S. law enforcement. That’s how bad it is. So, you know welcome aboard to our newest customers this week as we try and straighten out the mess. I just wish people would do the right thing to start with. And, sometimes they do.
[00:08:41] And, you know Ron and Monica if you guys are listening, and you come to mind, you know growing the business you wanted to be safe. You’re nervous because you didn’t understand enough about it. Right. A small business. Somebody is responsible for the IT but there’s not necessarily someone that knows enough about it. So, Ron and Monica came to us and they’ve been a happy client of ours here for a few months now. But, that’s the exception right. Usually, people come to us when their whole world has fallen apart. That’s a really, really, big problem. All right. So, we’re going to get right now into the tenth anniversary and what you should be looking for. Now, it’s my 10th anniversary its the 10th anniversary of the app store. I’ve been on the air now for over 20 years and I think that’s about right. We’re coming up on our nine hundredth show weekly show so 900 divided by 52. That’s that’s a lot of years and I appreciate everybody who listens to us and of course all of the sponsors of the radio show and you know without you listeners we would not be here so I appreciate that. Including the listeners of our podcast and people who are watching some of the stuff over on Facebook. Well, it is the 10th and well not today isn’t the tenth anniversary as I mentioned earlier but of the App Store. And, I wanted you to look at your phone right now, your smartphone.
[00:10:12] Open it up. I’m going to pull mine up here too and have a look and see on this app store, not the app store, but on your phone. How many apps do you have this screen? I bet you. Just guessing here I probably have a 1 2 3 4 5 6 times 4 is 24 per page and I have 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 pages of apps.
[00:10:55] How many do you have? That is a lot. So let me see, 24 times 15, that would be 300. I have 360 apps on my iPhone. Wow. How many apps do you have? Well, when the app store debuted 10 years ago there were 500 apps total out on that app store. This is the Apple App Store, obviously. Now, it’s grown to over 2 million apps and people like me, I probably have more. I will, I know I have more than 360 because, like, a lot of them I’ve deleted, and frankly most of us could probably delete a lot. Here are the statistics and I want you to think about your phone, your devices here. But, this is according to a study that was done by Nielsen. You know those guys, and they found that the average person launches roughly 9 apps per day, 9 per day, and interacts with roughly 30 apps over the course of a month. So, for me, that means I have 330 apps that I just plain don’t use. Now I know most of these apps I use from time to time and that’s why they’re still on my phone. Yeah, I’m making an excuse, but I do use a lot of them. OK.
[00:12:14] Here’s why you might not want to engage in the kind of digital hoarding that I’ve tried not to do. As I said, I’ve deleted some of the apps. The bottom line is that there are some serious security flaws with some of the older apps, particularly if we’re talking about Android apps here. The iPhone apps, iOS, not so much. But you cannot get updates for a lot of these apps. The servers that are behind the apps may be where the security flaws are. So, for instance, you’re using an app, let’s just use Dropbox as an example, we use Dropbox with a lot of our clients. The Dropbox app isn’t just a standalone app, just like so many of them. Behind the Dropbox app you have Dropbox servers, you have Dropbox data storage, right. The same thing with email apps. Almost any app is going to use some sort of cloud device to do storage in order to pull it all together, right. It’s not storing everything on your phone, although some apps certainly do. Well, the security flaws could be behind the app and could be sitting there in the cloud and they’re never reviewed by Apple.
[00:13:29] All Apple is doing is looking, at most is looking at some of the code and looking for some major mistakes or them doing stuff that would really, you know, drop your security level and you could lose data. So, that’s frankly, that’s the biggest reason to get rid of these older apps. Yeah, they can slow down your computer or your iPhone really or your Android device that’s out there. But, it is a security issue. Now, of course, you also have the issue of using space up, but when we’re talking about space nowadays it’s just so cheap to get cloud space from Google. Or from Google or from Apple. You know we’re talking about 99 cents a month for a pretty serious upgrade in cloud storage. But the iPhone now has an automated way to kill apps that you’re not using anymore. And what it does is if it’s getting low on space and it needs to free some up it can go in and automagically delete apps that you’re not using, regularly.
[00:14:40] It saves the documents and data that go with them but it gets rid of the app. See here, I’m going to pull up on my iOS device, you’re going to go unlock your phone. So, you’re in, this is true of any iOS devices so your iPad as well, and go to Settings. And, this, by the way, is only in the more recent versions of iOS. So, go to Settings, General, and then under General go to iPhone Storage and it’s going to give you an option called Offload Unused Apps. Now that’s going to automatically delete the apps you don’t use, regularly. But, as I said, it’s going to save the documents, it’s going to save the data. And frankly, it’s going to save you gigabytes of storage on your device. Now you can also look at the apps that are hogging your storage because some of them take up a lot of space. So if you’ve done that already, so we went to Settings, General, iPhone Storage and made sure Offload Unused Apps is turned on. So, now I want you to go to Settings, General, iPhone Storage again and you’ll notice there is a running tally of how much space each app is taking up.
[00:15:55] Now if you have a lot of apps it might take a minute or so for it to go through, find out how much each one’s using and sort it in numerical order. By clicking into a specific app, you know how much storage is dedicated to the app itself, and if the app is automatically removed that storage is going to come right back to you. But it’s also going to tell you about the data it’s accumulated, and some apps accumulate a lot. Like I use iPod-type apps, right. Streaming apps, listen to podcasts. Those are going to use a lot. I use video apps from Amazon, from Netflix, from Plex, etc., and any movies that I’ve downloaded are gonna be sitting in there too, so that’s really going to get you on the right track, again. It’s under Settings. Both of these: Settings, General, iPhone Storage. That’ll help to clean things up. Now for Android users.
[00:16:51] The process is, of course, a little different if you are running Android Oreo.
[00:16:57] You cannot get a running tally of your apps and sizes. Instead you have to click through the categories and find the apps by their usage. There’s another apps category for those that don’t fit the top-level category, so it’s not as simple as over on Apple’s side. Now again, ten years ago, 2008, much different time for app users.
[00:17:20] Most people didn’t consider that a simple flashlight app or social network or maybe an app that just gives you a nice background on your phone might do everything in its power to try and track you and gather up information. But all of those types of apps, historically. All of those types of apps could have done it. Not that they all did, but many people downloaded a free flashlight app or downloaded a free wallpaper and what those apps actually ended up doing was grabbing all their contacts taking that contact information and sending it on out. So you might want to delete those as well. Good time. The 10th anniversary of the App Store to go through and do a little bit of cleanup on your iPhone iPad or Android devices as well.
[00:18:17] All right, let’s move on to the worst cybersecurity breaches of 2018 so far. Now, I have seen in 2018 one of the worst breaches of small businesses I have ever seen. In fact, it wasn’t one of the worst. It was the worst, and other security professionals I’ve worked with have agreed it was the worst one they had ever seen. Just a small business, talking about eight computers. It is nuts what’s going on out there right now. But here we go. The year is only half over and let’s see which one of these you can remember. The Russian grid hacking.
[00:18:59] We know the Russians were infiltrating and probing our power companies, here in the United States. Remember, they are not run by the government, they are private businesses. There is evidence that the Russians apparently had direct access to all of the control systems in one major U.S. utility. I’m not going to name names here. The NotPetya malware has been going out there. Grid hacking guide is just crazy. US universities: in March this year the Department of Justice indicted nine Iranian hackers over an alleged breach of attacks on more than 300 universities in the U.S. The suspects are charged with infiltrating the 144 U.S. universities in and 176 and 20 other countries, 47 private companies and targets like the United Nations, US Federal Energy Regulatory Commission, and the states of Hawaii and Indiana. Apparently, they stole 31 terabytes worth of data. Who wouldn’t notice that data going out of their systems? Exfiltration, something you have to watch for. Estimated to be worth three billion dollars. Man, we got rampant data exposures. Data breaches, of course, continued, just crazy in 2018. But their quiet cousin, I liked the way Wired worded this, data exposure, has also been prominent this year. I’ve got a link to this Wired article up on my Web site, Craig Peterson dot com, if you want to read the whole thing. I’m just kind of commenting as I go through it here. But, the data exposures, when data is stored and is not defended properly. So, is not encrypted at rest, et cetera, et cetera. So data aggregation firm Exactis, talked a little bit about the 340 million records exposed, publicly accessible, it’s two terabytes of very personal information about hundreds of millions of US adults. Under Armour breach: this is their MyFitnessPal app and a lot of people that were using it, usernames, email addresses, passwords from 150 million users. VPNFilter. This one’s still going on, warned about it at the end of May, beginning of June, but it has impacted more than a half a million routers worldwide.
[00:21:26] This was spying and it was just like a siphon, right too. You’ve seen these massive siphons that they use to suck up water for firefighting.
[00:21:39] And they’re like two feet in diameter. These huge things, and they can suck up thousands of gallons a minute. Well, that’s the sort of thing VPNFilter can do and it sends it all to Russia. And once it’s in Russia they have your information, everything you’ve been doing online. It’s just crazy. Which is why, and we’re not going to get to any of these other articles, unfortunately, we have run out of time, but that’s why I have put up on my Web site, you’ll find Craig Peterson dot com, in today’s show notes, make sure you check your e-mail. My show notes for today, but talking about how to make your Wi-Fi router as secure as possible. You’ve got to do it. This is very dangerous stuff. The FBI had been warning people worldwide and unfortunately, very few people have put the patch in place. The FBI has slowed it down by blocking the command and control. But, this is a very, very big deal. So make sure you pay attention to that, and we’re starting up a few other things. We’ve got some other recordings we’re going to be posting. We’re putting stuff up on YouTube and Facebook, soon. So, I will let you know. But make sure you are subscribed to my regular weekly show notes, so I’m going to check in, make sure that’s up.
[00:23:00] But, if you go to Craig Peterson dot com slash subscribe. It should pull up a little subscription page for. And once you’re there. Go ahead and subscribe to my weekly newsletter and you’ll get these articles, all of the details. You’ll also be able to get, this is a very good thing. Any warnings about immediate breaches that are underway. I have master classes that I’m giving for free on a bunch of topics so its based on what you’re telling me you want to hear about. And I do these things absolutely free is not a pinch and the only way you can find out about that is making sure that you get my weekly e-mails, again. Craig Peterson dot com slash subscribe. I’ll be back on the air next week same time. And you can also find me online, go to Craig Peterson dot com slash iTunes, please subscribe. It really helps to get those subscriber numbers up. Those are the ones that count. I want to make sure people listen in and they understand these the most important topics of the week and of the day have a great weekend. We will talk again next week. Take care. Bye-bye.
[00:24:21] Only one out of every five people. If you still can’t get enough, go to the Web site, Tech Talk with Craig Peterson dot com.