Dec 22, 2018
There is a new law governing encryptions in Australia. Today I will discuss what this law is trying to accomplish and what effects it may have worldwide.
AI or more precisely machine learning is becoming more common. I will talk more about what happens when algorithms go wrong.
Hacks and More Hacks. This year we have had a lot of hacks and we have talked about some of them. Today I will talk about the 21 biggest hacks of 2018.
Apps are tracking you, even when you turn off tracking. Today I will explain what you can do to prevent this from happening.
These and more tech tips, news, and updates visit - CraigPeterson.com
---
Transcript:
Below is a rush transcript of this segment, it might contain errors.
Airing date: 12/22/2018
The 21 Biggest Hacks Of 2018 - Why They Occurred
Craig Peterson: 0:00
Hi everybody, Craig Peterson here, show number 986. That's 986 weekly shows won't be long, we're going to be at show 1000 on the air for 1000 weeks is not the coolest thing ever. Alright, today, as always, we're going to talk about some of the latest tech that's out there. And it's, you know, end of the year, I hope you're going to have a great week, all of us standard tips you should already know about shopping online, and what to do with your information. But really kind of keep in mind that the biggest problem that I think most people are going to face this year as well as for years to come is kind of the fraud thing. It's not just clicking on emails anymore, which is a problem because people are still sending bad links we're talking about the problem of having an email come in, that looks legitimate asks you to do something taken action. For instance, pay off, pay a vendor off, right? Pay vendors invoice and that email did not come from the person you think it came from. It didn't come from the boss didn't come from finance people. So pay a little bit more attention to your emails. It's a huge problem. You've heard me talking about it before. And also make sure you follow through with my special report on how to keep your information safe online because we know you're going to be hacked, right? It's it's inevitable. Everyone either has been had their data stolen has been hacked, right? So it's not like you've been hacked but Equifax has been hacked we talked about them last week or one of these other organizations and it's going to affect you in a very negative way so make sure your information even though that it's it's out there isn't going to be used against you with this Marriott hack and we'll be talking
Craig Peterson 1:57
about it today is one of our articles they're saying you know
passports were stolen
Craig Peterson 2:02
credit card information was stolen personal information was stolen
well yeah that's a big problem no question about that but what do
you do right isn't that the problem what do you do and that's what
this special report all about so if you haven't got it yet if you
didn't sign up for to get a copy of it. Make sure you go to
Craig Peterson comm slash subscribe and you'll be given the option
to get that special report we're going to have a paid version of
that in the future. So get it now while it's free because it is
guaranteed not to be free in the future. There's a lot of people
that want this thing and we're adding more to it we're gonna have a
little course on it with screenshots and we're going to have in
fact I've already invited and we've got commitments from all of the
major credit bureaus to be on part of this information product here
we're going to have a little bit on this radio show and we'll talk
more about it as well but get it now that's the best thing you can
do frankly and it's all free it's all free stuff you can do you
don't have to pay anybody a dime in the bottom line is don't pay
these protection bureaus to protect your data because they don't
actually protect it all they do is let you know after the fact so
it's simple enough this you can email me at Craig Peterson calm to
and either me or one of our minions will get back with you to help
you out and get your copy of that
Craig Peterson 3:32
this is for you, okay I'm not I'm not going to hammer you with all
kinds of messages marketing messages and stuff it's free classes
yes I do have services that I sell but this is all free as I pat
myself on the back
Craig Peterson 3:47
if you're watching in video Hey welcome we're going to try and do
this more regularly have our shows up on the website at
http://CraigPeterson.com This is going to go into to the insiders
site eventually so you have to be insider in order to watch some of
these videos but all of that of course just
http://CraigPeterson.com/subscribe. So for today, I've got a whole
lot of stuff here. I want to talk more about that Australian law
that was just passed this anti encryption bill to more of what that
means. I mentioned I'm going to talk about marrying it as well.
This is very interesting. This is an article from The Verge I have
up on http://CraigPeterson.com and this is talking about
artificial intelligence. What do we do when algorithms go wrong? I
was shocked to see California saying they're going to have a
computer program determine whether or not somebody should be bailed
out, basically, the getting rid of the bail bondsman, etc. And now
your ability to get bail.
Craig Peterson 4:56
It's going to be in the hands of a computer. So what happens when
things go wrong, your apps are tracking you what to do about
Craig Peterson 5:03
that. And we've got the biggest data breaches of 2018 this is this
is a big deal. And the article is great as got a picture of the
Zuck right there
Craig Peterson 5:13
on the front of it. Mark Zuckerberg now but data breaches and 2018
compromise the personal information of millions of people. And
we're talking hundreds of million people around the world. So here
are the 21 biggest data breaches of last year let's see if you were
part of any of these British Airways. And by
Craig Peterson 5:35
the way, if you were not only should you make sure that you follow
those directions in my personal information, special report, but
you might be able to go after these companies and some of them will
pay you to do some data recovery and other things British Airways
380,000 people had their credit card stolen
Craig Peterson 6:00
so that's a bad thing but it also affected the bookings Orbitz had
880,000 Records stolen Wow, almost a million people and that's
payment card information, personal data, billion addresses phone
numbers, emails and this is hackers the access the travel bookings
in the website system, sling health one and a half million people.
This is the Singapore government health a database. Yeah, we want
health database and some of the patient's history of dispense
medicines. And the reason they want to know about medicine
prescriptions is so that they can break into your home. They sell
that to local criminal organizations, gangs, and others. And then
they say, Oh, this guy's got Percocet or whatever might be and they
break in and steal it. Or in some cases, they've gone so far as to
follow that person. And I mug them when they just before they get
home. When they come back. The pharmacy information on the Prime
Minister of Singapore was also targeted as part of this. And it was
a deliberate targeted well-planned attack. That's from the BBC T
Mobile. And this one hit me encrypted passwords, which isn't
necessarily a big deal personal data including account numbers,
billing information, email addresses that happened summer this this
year, quote, international group of hackers unquote access T Mobile
servers through a T Mobile API and API's, these application
programming interfaces are being used more and more. I just had two
weeks ago, I was in a three-day session, today's session, I guess
it was with Cisco about their APIs and what they're doing more and
more of these, you're going to see problems with my personality, 4
million people. This is personal data by Facebook customers who use
the mind personality app. Remember the whole thing about the Trump
campaign and using this British firm to get information on people
and Facebook, it was a big deal. Of course, what was worse was what
the Obama campaign did put the
Craig Peterson 8:15
course the media is never going to report on that right because the
Obama campaign got way more data from about way more people. But if
you play these games on Facebook, you are giving up your personal
information. In this case, it was stolen
Craig Peterson 8:31
mostly active before
Craig Peterson 8:34
but it was banned from Facebook this year. And it's mishandled
Facebook user data, Sachs and Lord and Taylor. You wouldn't have
expected that from a higher end brand. But they lost 5 million
people's information. This is payment card numbers. They never
release the details on what happened. But the New York security
firm Gemini advisory says a hacking group called Joker stash
announced that it had put them up for sale, 5 million stolen credit
card debit cards and the records came from Lord and Taylor
customers. She in.com six and a half million email addresses
passwords that were encrypted customers online store accounts that
happened in June this year. Hackers carry out a sophisticated
criminal cyber attack on its computer network.
Craig Peterson 9:26
Cathay Pacific airways I'm not sure if I'm pronouncing that
right
Craig Peterson 9:29
here. 4.9 million records stolen. That includes 860,000 passports
for 240 5000
Craig Peterson 9:39
Hong Kong identity card numbers 403 credit card numbers 27 without
the CV v. So not a lot of credit card stuff but a lot of passport
stuff which is what people worrying about with the Marriott hack.
And we'll talk about that in a little bit here.
Craig Peterson 9:57
14 million names email, phone numbers, trip data, Time Hop. Hey,
there's a bit of a theme this year in the travel, hoteliers,
Time Hop 21 million names, emails, and some phone numbers, access
credentials or cloud computing environments. Compromise come cloud
computing account had not been protected by multifactor
authentication. Again, the cloud is not a panacea. Everybody ticket
fly 27 million people this is a ticket company sells tickets to
events primarily personal information, including names, addresses,
email phone numbers, a hacker compromised sites webmaster and
gained access to a database called backstage contained client
information for all of the venues, promoters, and festivals
Facebook 29 million. That was from last summer, summer 2017 to this
summer. This fall, actually 29 million highly sensitive data,
including locations, contact details, relationship status reach
recent searches, devices used to log in, the hackers were able to
exploit vulnerabilities, and Facebook's code to get their hands on
access tokens. We talked about this on the show, Chegg. 40 million
people I know Chegg C-H-E-G-G, personal data including names,
email, shipping account usernames, passwords, now didn't say
an encrypted password. So again, another reason to use a
different password on every website. Use a password manager like
one password or last pass. Those are both great one password or
last pass. And that happened just this year. According to Chegg's
SEC, filing on authorized party gained access to company database
and host user data.
Craig Peterson 11:50
Google Plus 52 million. In fact, this was according to many people,
the final straw for Google Plus because 52 million people had their
data stolen, Google really wasn't paying attention to it. They
weren't keeping their software up to date. And they had a lot of
bugs in this apparently was a known security flaw they've been out
there for a while.
Craig Peterson 12:13
So this is private information on Google Plus profiles including
name, employer, job title, email address, birthdate, age, and
relationship status, and it went on from March to November 2018
Craig Peterson 12:28
and this was exposed by the Wall Street Journal by the way software
glitch called cause Google to expose a personal profile data
500,000 Google Plus users second data breach that affected another
52 and a half million it is going to be shut down for good in April
2019 so don't bother Google Plus anymore. Cambridge Analytica,
that's when I referred to a little bit earlier, the Trump guys
working for the Trump guys it was this a breach I don't know,
what's Obama getting information on over 300 million American
accounts was, was at a data breach that's not in here. That's
weird,
Craig Peterson 13:08
Cambridge Analytica, 87 million Facebook profiles and then data
identify and user's preferences and interests happened in 2015. And
this is your digital life. You might remember that my heritage, 92
million people's email addresses encrypted passwords of users who
signed up for the service Trove email address and hash passwords
sitting on a private server somewhere outside of the company.
That's from Business Insider Quora. This is a recent one 100
million Have you ever used core if you haven't, you might want to
check it out. Quora.com. People ask questions people answer
questions hopefully experts right are answering the questions and I
find some of the stuff really fascinating but they stole and this
includes me again account information including names email
addresses, encrypted password data from user counseling to core in
users public questions and answers
Craig Peterson 14:04
I don't by the way answer questions on Quora they don't have my
real name so they won't even let me post right. That's why I don't
answer I guess certainly an exclusion I use I I tend to use I've
done this because I who back in the 70s one of my first jobs was in
marketing and I helped to develop a marketing system computerized
IBM based that that put every competitor in the whole country out
of business and we had some pretty major clients you know,
Encyclopedia firms you know, grow earlier don't know if you
remember those guys and where's the record company Columbia Records
I Jude sign up for records and that was all our software
Craig Peterson 14:46
so it was kind of cool so back then I learned how your tracked and
what you should do about the tracking because of course it's your
data you want to know me as a marketer I wanted to know where did
they get my name from so I could still to this day use different
names email addresses contact info everything I can for every site
so that I know what who sold my name who's contacting me what's
going on? What's the marketing all about? So Quora had 100 million
people
Craig Peterson 15:19
malicious third party names email encrypted passwords, My Fitness
Pal 150 million people usernames, email encrypted passwords that
happened in February 2018 unauthorized party gained access to
data
Craig Peterson 15:36
see exact is 340 million people this is a massive database that is
used
Craig Peterson 15:46
to collecting gather information from all kinds of sources and then
sell it exact us
Craig Peterson 15:51
I'm in fact I think I had them on the show here 10, 15 years
ago.
Craig Peterson 15:57
So they had detailed information compiled on millions of people and
businesses including phone numbers, addresses personal interest,
personal characteristics
Craig Peterson 16:06
and more happened in June this year a security expert spotted a
database with pretty much us every US citizen in that left exposed
on a publicly accessible server although it's unclear whether any
hackers access the information that this is kind of interesting
because what they're saying here is that they had this database on
publicly accessible servers the smart money would bet that it's
like an Amazon server one of these cloud servers that businesses
are using a narc properly securing Marriott Starwoods Hotel 500
million people guest information including phone numbers email
passports reservation date, some payment card numbers expiration
date and they accessed it top install guests information in the
thinking right now based on the tools that were used in this
Marriott hack. The thinking is the date was the Chinese that
didn't. In fact, it was Chinese spy craft trying to get all this
information. And Marriott says if you can
Craig Peterson 17:07
prove that your passport number was not only stolen from Star
words, but you can prove that in fact has been used illegally. Then
they'll give you the hundred and $10 fee for getting into a
passport. Amazing name. And the number one drumroll please was at a
hard
Craig Peterson 17:28
1.1 billion records. private information on India residents
including their 12 digit ID numbers and connected services,
including bank accounts and credit cards, etc. was stolen. It's
unclear how long the data had been out there. But it was discovered
in March 2018. And this is how it happened. India's government ID
database stores the citizens' identity, biometric info experienced
a quote data leak honor system run by a state-owned utility company
in Dane hadn't secured their API, what I mentioned earlier about
API's, which is used to access the database, which gave anyone
access to add a har information. So there you go, there's the
biggest data breaches of heads a big deal, isn't it.
Craig Peterson 18:25
Now, this next thing is something that a lot of people are
concerned about. And that is apps and how apps are tracking them,
here's what you can do to stop them out there, I'm going to do a
thing for the FBI in regarding going to try and do something
similar. Some of the information is kind of classified, you know,
that is, it's, it's sensitive information. So I may not be able to
do a master class on this, I'm going to try to,
Unknown 18:51
but your phone, and particularly if it's an Android phone, and
particularly if you have Google software on it, but it
Craig Peterson 18:58
isn't just Google Apps to do this, your phone is being tracked. And
the data the Google collects on you is incredible. It's things like
you got out of a car, you walked for four minutes, and then they
put a probability next year,
Unknown 19:14
probability 60%,
Craig Peterson 19:16
you were in a car traveling from here to there, probability 100%,
you entered the restaurant and ate a meal probability 35%.
Craig Peterson 19:27
That's what they do. They read all of this stuff. And then they're
using it internally. And they're selling now in some ways, who
cares, right, in some ways is better. I don't want to see car ads.
When I'm not interested in buying a car. I want to see ads for
things I'm interested in. So from that point, this whole Google
thing where they're tracking us is a good thing. But do you know
how many people are tracking and what they're doing with these
databases? It's absolutely crazy. The New York Times, just to a
couple of weeks ago, purchased anonymized data from a third party
vendor now a nun
Craig Peterson 20:06
data, Okay, come on people,
Craig Peterson 20:09
you can
Craig Peterson 20:10
try and anonymized data, but you're not going to be able to
completely anonymized people are going to be able to go back and
figure out
Craig Peterson 20:19
who's data it is. So having anonymized data doesn't mean that the
information can be traced back to and the New York Times purchased
it from a third party vendor. There are many of them I just
mentioned, one is part of the 21 biggest data breaches and they use
it to show how companies are tracking people through their day.
Unknown 20:41
And completely, they know where you live, they know where you work,
they know where you go, and what you do.
Craig Peterson 20:48
So they went to the doctor, they want to exercise, etc, etc. And
they found that more than 1000 apps
Craig Peterson 20:56
have location sharing capabilities. Now on both your iOS devices
and your Android devices, it's supposed to pop up and tell you,
hey, listen, they want to track
Craig Peterson 21:09
us and Okay,
Unknown 21:10
and you might say, yes, you might say, No,
Craig Peterson 21:14
I'm going to have to talk about this in a couple of weeks. But
Facebook has been gaming and cheating that whole
Craig Peterson 21:18
system. But this report that came out here, this is a 2018 report
from mighty signal vague those guys have new mobile phone
analysis
Craig Peterson 21:29
is saying that there are 1200 apps in the Google Android store that
track you and 200 on Apple iOS, even apps that have no apparent
connection to location will apparently track your whereabouts.
Craig Peterson 21:44
So here's the bottom line. There are 50 plus apps on the average
phone. And I know I have at least that many, what do I do, what
should you do delete the apps you don't use and then go into your
settings.
Unknown 21:59
And this is available both in Android and in iOS, and turn off
location sharing for those apps that you don't want to do location
sharing with. And Apple has
Craig Peterson 22:10
recently added a new feature like within the last couple of years,
the lets you say that they can only use location tracking if you're
currently using the app. So I think that's a very good thing to do.
I turn if I want an app to be able to use location tracking I have
it set so only while I'm using the app that's a very simple thing
that you can do that should make life a little bit simpler for you.
So under settings and privacy is where you'll find it I've got this
article up and http://CraigPeterson.com. It's originally from
Market Watch, I think you're going to find it very interesting and
very helpful as well. Let's see I mentioned Marriott paying for a
passport. So, we'll set that one aside.
Craig Peterson 22:57
This Australian anti encryption building, you didn't hear me last
week. This is this is just crazy. Because about two weeks ago, the
Australian Parliament passed a bill is forcing tech firms
Craig Peterson 23:09
to help Australia security agencies bypass encryption. It's called
the assistance and access bill. And it's going to allow the police
to Tell Whatsapp signal I message etc. that are all end to end
encrypted communications that they must build in back doors so that
investigators can get access to the content of the messages. Now,
this is going to be rubber stamped into law course in Australia and
the Commonwealth fee. The Crown has to prove it. But that's a
rubber stamp. And security experts are unanimously pretty much
against these types of backdoor so be careful.
Craig Peterson 23:52
Australia is also one of the members of what is called the Five
Eyes intelligence agencies.
Craig Peterson 23:59
And this means they share data with the other members of the Five
Eyes. So that's the US
Craig Peterson 24:05
UK, Canada, New Zealand, and Australia. So they share stuff all the
time we heard about how the UK for instance, was sharing
information about the Trump campaign and the Trump campaign
organization. The UK apparently was sharing with the Obama
administration because your mom Mom administration under US law
can't spy on our citizens. But the UK can. Australia can New
Zealand can
Unknown 24:33
Canada can. And
Craig Peterson 24:36
that's how they get around the laws. Because the US isn't the only
country with laws and you can't spy on your citizens. But they get
around it by saying, Well, it wasn't
Unknown 24:45
it was the steel. He's the guy he was in the UK. Okay,
Craig Peterson 24:50
so keep that in mind. Because this whole issue of intelligent
encryption has really been bothering the intelligence agencies and
should be bothering you too because now Australia will be able to
break in. So if Australia can break into I message or WhatsApp or
signal
Craig Peterson 25:11
and they're trying to follow someone who's in the US. Will the
Australians be able to break the encryption for that US citizen
while they're in the United States and then share that with the
United States? And the answer is an astounding Yes,
Unknown 25:30
they can and they will it's going to happen. Okay.
Craig Peterson 25:34
So be very careful about this. I don't like this law. The Five Eyes
share way too much information. Our government is gathering way too
much information and it just scares the living daylights out of me.
Okay. That's that's the bottom line. Right?
Craig Peterson 25:50
Yeah. Okay. I do stuff within regard the FBI in regard program.
Craig Peterson 25:53
I work with the FBI on some of these really bad security cases. But
it's the worst of the worst, right? We're not talking about blanket
capturing, so don't blame me.
Craig Peterson 26:03
Okay, now let's talk about this real quickly. Our last article of
the day and this is about programs when algorithms go wrong. I
mentioned week or two ago about how California now is using
computer programs to figure out if somebody should get out on bail
or if they should go to jail if they can be trusted, right
Craig Peterson 26:26
and they're even getting rid of the cash bail system over there.
It's kind of nuts but how do you deal with that I can I can
cross-examine a witness on the stand and hopefully they can answer
the questions hopefully they are the expert that they've been
promised to be but many times that just is not the case so big tech
companies now found themselves in this artificial intelligence Gold
Rush they're going for our information as much information as they
can get they are putting the AI stuff in place based on the
information and you know we talked before about following people
and learning how to cook and stuff so they're doing all of that
what are you going to do when an AI wrongly accuses you
Craig Peterson 27:18
right or it denies you entry because it thinks that you're a bad
person which is already happening in China okay then this is bad we
got to have more wreck
Craig Peterson 27:28
not regulations but more accountability because there's a serious
accountability gap for these companies
Craig Peterson 27:35
all right you're going to find these articles and a whole lot more
http://CraigPeterson.com make sure you subscribe to my weekly email
so that you get a notification about all of my webinars our master
classes the free special reports all of this stuff
http://CraigPeterson.com/subscribe.
http://CraigPeterson.com/subscribe.
Craig Peterson 27:56
Have a great Christmas and I'll be back again next Saturday.
Bye-bye.
---
Related articles:
The 21 Biggest Data Breaches Of 2018
When Algorithms Go Wrong We Need More Power To Fight Back, Say Ai Researchers
Your Apps Are
Tracking You — Here’s How To Stop Them
---
More stories and tech updates at:
Don't miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text:
855-385-5553