Select Page

 


 

Click to View Today’s Show Notes

Transcript

TTWCP-DAILY-52_2017-03-14_Pennsylvania-State-Senators-Fall-Victim-to-Ransomware

Below is a rush transcript of this segment, it might contain errors.

Airing date: 03/14/2017

Pennsylvania State Senators Fall Victim to Ransomware – What’s the Bottom Line on the CIA Wikileaks Exposure

 

Craig Peterson: Hey, good morning to you. In case you didn’t realize it, these daily podcasts we release every morning at about 1:00 am so they’re ready for the morning commute whether in Europe or in the US. Of course you’re listening to Craig Peterson. Today we’re gonna talk about two different things. First of all, we are going to talk about the CIA leak. And we’re gonna talk about what it really means here. What did we actually learn from this leak? This Wikileak. And then also talk a little bit about some senators in Democrats in Pennsylvania. Another hack. Stick around, here we go.

(TTWCP EARWORM)

Well we’ve taken to call these dailies our TechSanity check because that’s really what they are. We are talking about the technology that’s out there. How it’s impacting us. And a little sanity here, right? I’m not a big Apple fan. Boy, I’m not into Redmond or anything else. I like them all for different reasons. I am in fact a big, old UNIX guy. I’ve been using UNIX which is where the internet was developed since about 1981. So pretty long time, I guess, in the scheme of things.

Alright, let’s get down to it here. First of all, hacks have been happening like crazy. One of my kids is just telling me that they got 3 calls over the last day from people pretending to be from the bank. Now that’s kind of an interesting one isn’t it. Aicx, one of the ladies that works with me, showed me a couple of emails she had received as well, that were phishing emails. It’s really starting to hit big time. 2017 is definitely gonna be the year for phishing. It’s crazy. Well now, ransomware is hitting Pennsylvania’s Democratic State senators. Now I’ve gone about this about a week ago but never did get around for too many other important things out there. But Democrats in Pennsylvania’s State Senate have been locked out of the computer network and it was due to a ransomware attack. Now some companies have been just completely destroyed by this sort of thing. Think of what happened to Sony where apparently North Korea got in and deleted a lot of files. It’s almost the same thing as having all your files deleted, except there’s a little bit of hope here. Hope is, yeah, we can just pay those guys a little bit of ransom and we’ll get our files back. You know, the bottom line here is about 50% of people that pay the ransom get all of their files back. You know, 50%, that’s not very good odds by the way. And I think it’s about 60% that try and pay actually get a response back from the bad guys.

So over all your odds are not very good. So frankly, think of it as you’ve lost all your files because the best response to ransomware is to not pay the ransom. Just don’t pay it. Bottom line here. Now, according to an unidentified state official who spoke with NBC, the Democratic senators in Harrisburg are able to use their computer network here and apparently they had their own computer network. Just the Democrats in Harrisburg. That’s kind of interesting, isn’t it? Kinda like the Democrats using those 3 guys to have the ties to Hamaz and had taken a hundred thousand dollars from political activists over in Iraq. Yeah, kinda interesting, eh? But law enforcement agencies and Microsoft were working with the state Democrats to get the ransomware off their network. They sent out a statement that was obtained by the Hill where the state party officials said there’s currently no indication that the caucus system was targeted and any data has been compromised. That’s the other point here. When it comes to ransomware, usually they’re not stealing your data. They’re holding it hostage. And it’s happened to hospitals. We talked on my radio show about San Francisco’s Transit System and how it got hit with ransomware. It’s a very, very big deal. And congressional IT had been warning senators in Washington DC and representatives to be very careful about potential ransomware and phishing threats.

So I am putting together a bit of a program here we’re gonna offer to businesses and it’ll be out probably in about a month, a month and a half. For we’ll be having some training. Some webinars for leadership in the organization and then some special emails and other things, little training videos for all of the employees. So, you know, we’ll be talking about that.

The payment demanded in a lot of ransomwares in the tens and thousands of dollars usually, especially if it’s not going after a specific target. And so we’re just trying to make life easier. What happens if your business goes off the air for the week or a month? What if you don’t have appropriate backups? When was the last time you tried to restore a backup? You know, the tools and techniques that we use for our customers I think set the standard and you should make sure that your business is living up to that standard. Every day, when we do a backup, we test the backup. We make sure when we’re backing up a machine that that copy, that backup will boot. How many people do you know have backups like that? That’s the new standard nowadays because we are guaranteed to need that backup. There’s no question, right? Whether it’s from a hard disk failure or, heaven forbid, a fire in your data center, or ransomware, or malicious cases where they just delete your data, you need to make sure the backup works. We had a client here just a few weeks ago who lost their disks. They just went poof all of a sudden. By the way that happens. Disks from the same batch will often fail. Sometimes within hours of each other. But they’ll often fail within at least days. So bam, bam, bam, they lost them. They had a RAID array. They thought they were all set. The good news is we were doing a backup. This backup when we’re rebooting their machine every day just over on the virtual side to make sure everything was ok. So we were actually able to switch them right over to a virtual appliance while we waited for new hardware to come in. And then we were able to migrate it from the virtual appliance over to the real hardware.

But the Democrats in Pennsylvania here apparently didn’t have that opportunity so they were trying to get their data back and getting Microsoft involved. It’s crazy. It just rarely, rarely ever works for you.

So let’s talk a little bit about the CIA and what we found out on this leak from Wikileaks. And we’ll probably talk a little bit more about it in detail this week. But here’s the bottom line. If you ask me what we really learned about this, wasn’t that the CIA was spying on people. Because these tools, at least one that has been released so far on Wikileaks, which apparently is less than 1% of what they have and they are going to continue to release it. But based on that 1%, the tools that the CIA have been using are aimed at specific people, in other words, the CIA wants to know what this person’s saying, what that’s person’s saying, etcetera. Etcetera. Versus what we’ve seen from the NSA where, yeah, they have those one on one tools that the NSA, the National Security Agency was also tossing a very broad blanket. And that broad blanket was intended to find out everything people and what they were saying and where they were going. And you know, keep the data, if not, the contents of their conversations.

So, that’s one thing we learned. So the CIA stuff, not the big, broad net that was cast like what happened with the NSA. The other thing that’s important to take away from the CIA hack is they apparently have no really good method for breaking the encryption. So you’ve heard things like oh, WhatsApp or Signal, those apps just are no longer safe because the encryptions were broken. That’s not true. What’s been broken here are the devices that you’re using. The devices that WhatsApp or Signal are running on. And those devices, if they are breached, allow them access to your data. To your voice conversation before it’s encrypted. Once it’s encrypted, it’s just not worth their effort almost ever to try and break in. And near as we can tell, they just plain cannot break into that stream. Now they’ll keep this data for a very long time hoping that improvements in computer technology, particularly quantum computing, may one day be able to break all the encryption we’re using today. So keep that in mind too, right? Even though today, the bad guys in the government can’t get into our files. In 10 years, they might be able to get into those very same files. And we’ve seen that. As we’ve seen SHA1 completely deprecated now. You shouldn’t be using now because it’s not good. It doesn’t give you a really good cryptographically strong signature.

So that’s the other thing we learned. The CIA cannot break the encryption, it would appear. And secondarily the way that they’re trying to break in is by going against attacking our individual devices to try and get into iOS or android or Windows or Mac OS or whatever it might be. So it’s kinda interesting.

Anyhow, we’ll talk more about some of the details later. Of course we will have another daily tomorrow as I am back in the studio. Back from being back on the road again. So my audio quality is a little bit better now. I still have this congestion. Sheryll pointed that out. I sound like I’ve got something here and I do. I have some congestion up in my nose here. My sinuses but, yeah, it’ll eventually go away. You know, it’s almost time for allergy season. So I’ll have a different kind of congestion. Anyways, have a great day. Visit us online, http://CraigPeterson.com. Make sure you sign up for the podcast. Take care. Bye-bye.

Show Notes:

From random (unverified) people representing banks, big establishments, and the government, call your homes and mobile phones – to random (unverified and suspicious) people representing the same that send you multiple emails, where can we find the right security?

And, how do we keep our businesses safe, when even the Pennsylvania state senators have been attacked by ransomware.

Stay safe, and stay tuned on the daily TechSanity Check!

Related articles:

More stories and tech updates at:

Don’t miss an episode from Craig. Subscribe and give us a rating:

Follow me on Twitter for the latest in tech at:

For questions, call or text:

  • 855-385-5553

 

Thanks, everyone, for listening and sharing our podcasts. We’re really hitting it out of the park. This will be a great year!


Weekly Security Update Subscription

Weekly Security Update Subscription

If you use a computer, you need up-to-date security information. Craig has been providing eSecurity consulting for more than 20 years, and now runs the FBI's InfraGard webinars. There isn't a better source to keep you up-to-date with the latest, most important tips and warnings to keep your computers and network safe.

Join the hundreds of thousands of people who get the most important weekly eSecurity information from Craig every month. It's free, it's easy and I never SPAM.

Keep an eye on your email box every Saturday morning around 9 am Eastern Time for your weekly newsletter. Add me@craigpeterson.com to your whitelist if it doesn't show up.