Nov 10, 2018
Are you familiar with Business Email Compromise also called BEC Listen in today and I will tell you why you need to be concerned about this.
Businesses getting hit by other cybercriminals right here. I will be going through some of my most recent customers and why they ended up calling us.
So what's up with the Chinese have been stealing our intellectual property. We will talk more about this today in quite a bit of detail
What Browser do you use? There are many to choose from. Today I will talk about why you need to be concerned about the browser you use.
These and more tech tips, news, and updates visit -CraigPeterson.com
---
Transcript:
Below is a rush transcript of this segment, it might contain errors.
Airing date: 11/10/2018
China Monitoring US Communications - Stop Using Microsoft Edge - Cellphones Just Aren't Secure
Craig Peterson: Hello everybody Craig Peterson
here for another half hour of Tech Talk. You can hear me online Of
course on iHeart make sure you tune into your iHeart Radio
stations. You'll find my
podcast also out pretty much everywhere and iTunes I really
appreciate it when you take a few minutes and make a comment. I
read them all over also on my website so you can go to
http://CraigPeterson.com/iTunes. Well, today we are going to be
talking about a couple of things I think
Craig Peterson 0:34
you're going to find interesting one, we're going to tell you why
you don't want to download Chrome, or at least ways not to download
it. People are really getting scammed here with cell phones. Are
they really secure? What does that mean? China has been hacking the
vital internet backbone of many Western countries and MIT This is
really interesting. We've talked a little bit before on the show
about the whole trolley car dilemma we're talking about a little
bit now, too, because MIT has conducted a study and they have
completed it, I signed up for it and answered some of their
questions. This was a while
Craig Peterson 1:13
back that I did it. I think it was the same study. But anyhow,
we'll talk a little bit about that showed our self driving cars
kill the cat, the elderly, or the baby, the results of the poll are
in and they vary based on where you live. Ultimately, here, we're
talking about some pretty exciting and interesting stuff.
Craig Peterson 1:36
Now, also, this week, I gotta warn everybody, particularly small
business people, we picked up a couple of new clients again this
week with major infections. Now the FBI is warning and they put out
a warning here very recently about business email compromise. This
is for small businesses who don't really have their security
together, their people aren't doing the right term meaning. And
even if you are, you might get nailed. There was an article in the
news this week about one government employee clicking on a link in
a website, I guess it came from a website and ended up compromising
thousands of government computers. So it is a real problem.
Craig Peterson 2:20
And most businesses that get hit by this stuff end up out of
business, the small ones do the bigger ones typically have a bigger
budget to deal with. So in the case this week, it's a small
company, family owned second generation. And they make things here
in the US, which is really rather cool. And they thought they were
safe, because they had three computers, that's all they had a
couple of dozen employees who did the assembly of their product.
And they were very careful about taking their computers offline off
the internet when they didn't need to be on the internet.
Well, we found 12 different major infections across just one
computer. It's amazing what's been happening
Craig Peterson 3:08
and who knows what kind of data has been compromised from. So just,
you know, everybody be careful out there. And we're going to have
more training courses, keep an eye out. I've been really busy. The
whole thing with the FBI Infraguard program where I'm running their
webinars for them now, nationally, and it's just been very busy the
last couple of weeks, I'm putting some stuff together, we're
talking about a big summit that we're going to do maybe in the
spring. In fact, this last week, there was a big head honcho
meeting down in Quantico talking about it, but hopefully we'll have
the security summit next year. I'm really
Craig Peterson 3:44
pushing to make it so that it's not just for FBI government, in
regard people, because that's typically what I'm doing when I'm
running these webinars for the FBI, you're just as a normal company
person, you can't attend them. So I'm trying to get it so that
second quarter next year, we can have this big summit anybody can
attend for free. That's, that's what I'm aiming at here. Because
I'm trying to get the information out and you'll be able to learn a
whole lot. It's, you know, the plan is it's going to be a weeklong
summit, we're going to have 50 or 60 different
topics, different speakers, and we're going to arrange them
into different tracks and you know, the whole big thing. So it'll
be a huge, huge, huge thing. And hopefully, the FBI is going to
say, Fine, go ahead. But you know, sometimes not, it can be
difficult to convince them to
Craig Peterson 4:39
do things even if they don't have to do it. If I'm going to do all
my work, all the work in my team is going to be helping out. So
hopefully we'll be able to do that because there's so much good
information that is available and you don't have to become an
expert. That's the nice thing about it. Right? If you're trying to
run a business, you're you're busy running your business you
don't want to worry about the whole thing cyber thing and that's
where we've been able to help out a whole lot with the FBI
Infragard program free to join it takes a few months they do a
basic background check. They don't call it an FBI background check
because it's not but it's the FBI that does it but it's not one of
these things where
Craig Peterson 5:18
like justice Kevin Oh, where they're drilling into everything in
your background everyone we've ever mapped her anything it's just
you know, I more like have emerged anyone recently type of
background check so check it out Infragard.org you'll find that out
there online you can sign up if you're involved in the critical
infrastructure and I think it's important to do because there are
alerts coming out from there all the time now let's get down to
some of the articles from this week and if you got my newsletter
this morning hopefully you did you can read along Of course I spent
a lot of time doing commentary you're not going to find that in the
newsletter and if you do don't
Craig Peterson 6:00
get my weekly newsletter sign up right now Craig peterson.com slash
subscribe that's Craig C R A I G Peterson with an o.com slash
subscribe. And right there on my homepage to there's a sign up if
you want to be informed about some of these other free business
webinars that we're having. Again, no charge people. This is
Craig Peterson 6:23
real. I'm I'm the real thing I'm trying to help out. I've been
doing this for decades and decades, very long time. And I really
want to help out I want to help you out if you're a home us. In
fact, we had another brand new client come on board, she attended
one of our webinars. And one of the ones that I did on ransomware a
couple of
weeks ago, you know what, I'm going to have to send out a thing,
invite you guys on to the replay because we got a lot of great
feedback from it. But she's a non-paying client. And that's
absolutely fine. Her husband in her had a business and he
passed on, she sold the asset, shut down the business and had all
of this stuff on her computer, which has, you guessed it -
ransomware. So we are hopping on her machine and getting her all
taken care of, and she is so grateful, you know, just a listener, I
don't have a business can you help me out. And that's what we're
here to do. So we're doing a cyber health assessment for her
indication of compromise clean up after the ransomware, she has a
basic backup.
Craig Peterson 7:41
And I thought this company did a better job than apparently,
they're doing, I'm gonna have to look into this a little bit more
and do a webinar on backups. But according to her, and it's a name,
you all know if you know anything about backups. They only keep one
generation for her. So she's not sure the backup they have is also
encrypted with ransomware.
Craig Peterson 8:05
So she might be in big trouble. But that's the whole 321 rule. When
it comes to backups at all, I'll have to explain. If you're
interested, sign up. I will explain this. We do this site and kind
of stuff offline because I don't want to drill down too deep on the
radio show and lose too many people. But we will do one on backups.
We've got some other scheduled to how to treat data at rest and
encryption, encrypted vaults and all that stuff. Just trying to
make it easy for everybody. So she's really worried
because, you know, her husband passed on all of the records,
they're all of the business records are there and she got
ransomware, 60% of small businesses this year are expected to have
a similar thing happened to them.
Craig Peterson 8:51
What would happen to your business do you think that would help or
hurt? Yeah, yeah, 60% of businesses are expected to get one of
these nasty pieces of nastiness from the bad guys. And of
those 60%, 50% are expected to go out of business within six
months. So by the end of the year, middle of next year, we will
have a lot of small businesses who will be out of business and
somewhere helping her out and we can help you out to we're not
charging This is free. I have committed the resources to do 100 of
these small business cyber health assessments to
Craig Peterson 9:32
toward in 2018, so we still have some left that we will do we the
last quarter 2018, there's 100 available. You know, we normally
charge for these but for listeners, I really want to help believe
me, I want to help. That's why I do all of this volunteer work. I
volunteer for the FBI and infer guard program to run the webinars.
I am here to help bully me know a lot of people will tell you that
I have hundreds and hundreds of recommendations along those lines.
So don't don't feel afraid. Don't feel pressured because I'm not
selling anything. Okay. I just visit right now. Craig Peterson.
com, make sure you sign up to get notified about our future
webinars because we'll we'll do more and they will continue on past
the backup stuff. So let's get into some of the additional stuff
China's doing right now.
Craig Peterson 10:30
Well, you know, China has been very involved in espionage. And
you've heard it in the news, some of the news like Fox, etc. They
tend to carry the whole story, Wall Street Journal, things like CNN
whose viewership by the way down 40% in the last year more people
according to the stats I saw this week, more people watch Cartoon
Network, then watch CNN. So that shows you how credible they are is
a news source. But anyhow, the Chinese have been stealing our
intellectual property. And we caught the Chinese red-handed, no pun
intended in a company or right here, right here, local, which just
totally blew me away that they had three back doors into their
systems and they were stealing all of their intellectual
property.
Craig Peterson 11:24
Imagine that right? I mentioned this before in the show, but you
spend all this time all this effort with developing your
intellectual property, developing your hardware, your software, all
the designs, and this particular company again, it was an older
gentleman that was running it he'd been running it all of his life,
his entire investment, his life savings were tied up in the
business and the Chinese were headstone and it also imagine
competing against your own designs being made in China. Can you
imagine that? Imagine how that would turn out. You are competing
against your own designed, manufactured in China.
Craig Peterson 12:05
So China has been very busy in stealing our intellectual property.
They really are people, this is not just our widgets better than
yours. It's, hey, we made your widget better her reminds me of
a joke from the 70s of you know, the Russians us invented
something, and the Russians, quote, already invented it and quote,
and then the Japanese, of course, made it smaller and cheaper back
in the day. And of course, it's not Japan anymore. It is China.
Craig Peterson 12:35
Well, there is a new report out right now talking about a Chinese
state owned telecommunications company that's been hijacking the
vital internet backbone of Western countries. Now, this is
according to an academic paper published just this week by
researchers from the US Naval War College and Tel Aviv University.
So these are people that really know what they're talking
about.
Craig Peterson 13:01
And they're saying that the culprit here is China Telecom. This is
the country's third largest telco, and they're an internet service
provider, just like it here in the US, right? You might have
Verizon or at amp T. Nowadays, Comcast is doing this sort of thing.
But in this case, China Telecom has a presence inside North
America, and has had presence inside our network since the early
2000s, when it created its first Point of Presence. So how do you
think that might affect you, or might affect our networks here,
they've been doing this they've had upon your presence for almost
20 years now. And as it turns out, here's what's happening.
They've created these points of presence centers, these data
centers,
Craig Peterson 13:47
and according to this report, these Chinese data centers are doing
nothing more than rerouting internet traffic
Craig Peterson 13:55
between all of the smaller networks that make up the larger
internet and are monitoring it now This happens all day. Every day.
We do this right. Mike company is an internet backbone router
Craig Peterson 14:10
where we take stuff from archive and smaller networks. And we use
protocol called BGP, and we tie all these networks together, and we
send it out to the quickest shortest route on other networks. These
are called autonomous systems, a SS and now you have huge
companies like Google, oh, and Verizon, and others, all the
way down through small little guys, you know, university networks,
maybe banks, web hosting companies, companies like ours and others
that are all doing this.
Craig Peterson 14:42
So apparently, what they've been doing is hijacking BGP
announcement and it's kind of interesting because the studies
have been showing that China Telecom started abusing this BGP
protocol, which is used to route between the network,
Craig Peterson 15:00
China Telecom has been doing it at least ever since it entered into
this pact and 2015. Now remember, September 2015, Obama and the
president of China entered into this agreement, right, that China
was going to stop all government back cyber operations, right. And
I laugh as though, you know, really, really, you think they're
going to stop it all? Yeah, cuz he asked, right,
Craig Peterson 15:29
no, they didn't stop it. In fact, they ratcheted up right then and
there so that this agreement necessitated new ways to them get all
the information. So they did enter China Telecom, the research is
saying that they've built a route tracing system monitoring,
the BGP announcements and distinguishing pattern suggesting
accidental or deliberate hijack, you know, we've seen the Russians
do this before. And, you know, we really are in a Cold War right
now, frankly,
Craig Peterson 16:04
the Chinese are a little more concerning than the Russians are, I
don't know if you saw this week. But the Russians biggest dry dock
St. And they're only aircraft carrier. The only one the Russians
have was damaged when this dry dock saying so Russia is not a huge
challenge to us like China is becoming especially in the South
China Sea. So they've got a system online, they've been watching it
a lot of stat
Craig Peterson 16:32
in October 2016 traffic from several locations us to a large Anglo
American bank headquarters in Milan, Italy, hijacked by China
Telecom traffic from Sweden and Norway to the Japanese network of a
large American news organization hijack to China for about six
weeks. Now, the only way people really even notice this is things
tend to get a little bit slower February 2016 for about six months
routes from Canada to Korea were hijacked by China Telecom and
routed through China traffic to the mail server and IP addresses of
a large financial company in Thailand hijacked during April, May,
July 2017. Some of the hijack attacks by the way, started in the
U.S.A, were trying to telecom has a presence.
Craig Peterson 17:25
So it's very, very interesting here, China's network, very cut off
on the rest of the world. And China is working with Google right
now in developing the system to track all of their people even
closer than they're being tracked right now very, very closed and
yet their routing all of this traffic through their network so they
can have a good look at them. So be careful out there. They really
are out to get us it's it's amazing. I'd hate to think that some a
war-ish stance or posture was taken by China. And they did all of
this stuff more maliciously, than
Craig Peterson 18:02
they're even doing it right now. So be Be careful. And we have seen
China now in various customer networks here, right here in the
northeast United States. And, of course, other people are seeing
them all over the country. We're seeing them, the FBI seen them,
everybody seen them, China, it is a real risk right now.
Craig Peterson 18:31
Now, you know, I've talked about Microsoft before, you guys know, I
have no love loss for Microsoft. Although I also have to say that I
have been using some of their services more and more lately. And,
and using them with my customers.
Craig Peterson 18:45
Microsoft has a new Office 365 stack. And they have one that even
includes the operating system. And I got to say, given kudos here,
because they are doing a very good job with it. Now, they're not
solving all the problems. Security isn't the best. But it's not the
worst. And I think you're much better off with a no 365
implementation than going for Google's implementation. But that has
to do with security. And also has to do with keeping your data
confidential.
Craig Peterson 19:17
People who download and install Windows, Windows 10, specifically,
you notice there's a new browser, Microsoft's Internet Explorer, a
total piece of junk that was so far out of date, it was crazy. So
many companies have written software that's dependent on so-called
features, also known as side effects in the Microsoft Internet
Explorer Explorer browser that you have to be careful. So my little
word of advice just off of the side here, if you're in business at
all, and you're thinking about having a website and having some
features on it, do not use Internet Explorer, don't test for it,
that's not your target. Nowadays, the number one browser out there
by far as Google Chrome.
Craig Peterson 20:09
So if you're designing a website, make sure chrome works on it. If
it works on it, you know, good for you, right? But Windows 10 comes
with the Edge browser. And most people are thinking that the Edge
browser really has one purpose in life. And that is to download
Chrome or Firefox, Firefox being the better of the two at least
right now. And if you want to be absolutely safe, you're probably
best to run the epic browser, okay, will be very careful. Because
if you run edge on your Windows 10 PC, and you don't have the URL
for Google Chrome, and you
Craig Peterson 20:53
type download Chrome into the address bar. And if you click the
first result provided by Bing search, tried, who's ever heard of
being before well being is Microsoft search engine and they had
been contracting to third parties to provide the results are trying
to do it now themselves. But if you go into your new Windows 10,
you open up the web browser, it's called Edge and you type in
download Chrome, and you click on the first entry. The first
URL, you are going to get highly visible Google Chrome ads for
months.
Craig Peterson 21:34
Okay, Google and Firefox know this being can't be bothered,
apparently, to fix this problem. So be very careful. Okay. The top
result for download chrome was Google online.
Craig Peterson 21:51
It's a fake site. It's a pretty good copy of Google's chrome
landing page, it looks general enough genuine enough to fool people
the downloads called
Craig Peterson 22:02
chrome setup.exe. And the digital signature if you take a close
look is signed by alpha criteria limited, and that's definitely not
Google. So go to Google.com. And from Google.com, if you need to do
a search is probably the easiest way to do a do a search for Chrome
and stop using Edge. It is not a good browser. Okay, just don't use
it. Use Chrome or use Mozilla's Firefox, something to seriously
look at
Craig Peterson 22:37
and believe how fast this half hours going and goes quick, doesn't
it?
Craig Peterson 22:41
Well, we're going to hit a couple more articles here really
quickly. One has to do with cell phones. You might remember
President Obama when he took office, he had his wonderful little
Jimmy have a crack Barry, I think it was he had his
little Blackberry that he used. And he didn't want to give it
up because
Craig Peterson 22:58
he'd been using it for so many years. And he had so many friends on
it. And he could, you know, text back and forth and have great
messages, emails,
Craig Peterson 23:07
I can get it right. And now we've got President Trump The 4am
2am
Craig Peterson 23:13
is sending a tweet and he's using just regular phones. And there's
anybody can tell. Now
Craig Peterson 23:18
President Obama was finally convinced by the Secret Service to stop
using his own personal device. And he got a secured government
device. But it looks like President Trump has still been using his
cell phone since he became president. And that presents all kinds
of potential security vulnerabilities. No question about it, even
if it's iOS and fits Apple what Apple being much better than
Android when it comes to security. But even if it's Apple, you got
problems.
Craig Peterson 23:50
Now, the security rules do prohibit them from using a regular
Craig Peterson 23:52
cell phone throughout his presidency. But apparently he's using
Twitter on his phone. So the question is, who else is listening in?
Who might grab his Twitter account? Who might be able to listen to
cell phone calls, who might be able to turn on the microphone in
his smartphone and listen in on the conversation or turn on the
camera
Craig Peterson 24:15
in it, right? Many companies or companies, many countries are
trying to listen in, we know the NSA is listening in to everything
they can they do bulk data collection that get as much
Craig Peterson 24:30
cell phone and texting information as they can possibly get from as
many people as I can possibly get. And then they use that later on
to figure out who spoke with whom. And if this person is a risk,
then that person might be. So who else are they talking to? Right?
You get into two hops, three hops, five hops away as they try and
figure out who's who, right. Well, some of these other countries
are going specifically one on one. And potentially there are two
there's two basic places that you can eavesdrop on pretty much any
communication system at the end point, obviously, which is the
phones themselves. And if it's a smartphone, it can be compromised.
I don't care who makes the phone and the other is during
transmission. So cell phone attacker could also eavesdropping on
the cellular network. And we've talked about those devices, Sting
Ray devices that can be put up that are fake cell towers that allow
a third party to listen in. Obviously, there's problems with all of
this right now. 2016, WikiLeaks they published a series of
classified documents listing target selectors. So these are phone
numbers the NSA is searching for
Craig Peterson 25:50
and they included senior government officials from Germany
including Chancellor Angela Merkel,
Craig Peterson 25:54
France, Japan, many other countries now
Craig Peterson 25:59
other countries don't have the worldwide reads the NSA
Craig Peterson 26:01
has but when you consider what we were just talking about with
China and China Telecom being able to get into our networks and
reroute traffic eavesdropping, including eavesdropping of the
President's phone it's not inconceivable that absolutely for sure.
Now if you
Craig Peterson 26:21
missed last week, well I did the ransomware webinar I've got more
coming up we're going to be doing a webinar on backup absolutely
free not selling anything no credit card needed there it goes out
enough disclaimers I really want to help out make sure you visit
http://CraigPeterson.com right there on the homepage. You can sign
up to be notified when my next webinars going to be these are
typically 45 minutes to an hour. They are information packed. I
will give you replays of them if you attend and we've got a lot of
people that are asking about it. So check it out, http://CraigPeterson.com. http://CraigPeterson.com and have a
great week everybody. Take care. Bye bye.
---
Related articles:
China Has Been 'Hijacking the Vital Internet Backbone of Western Countries'
Stop Using Microsoft Edge To Download Chrome -- Unless You Want Malware
Nobody’s Cellphone Is Really That Secure
You Might Be Able To Collect $100 From Yahoo’s Massive Data Breach
All the Fun Things You Can Do If You Steal Someone's Identity
How China Rips Off The iPhone And Reinvents Android
Brain Implants Used To Treat Parkinson's Can Be Hacked And Used To Control People, Scientists Warn
MIT Reveals Who
Self-Driving Cars Should Kill: The Cat, The Elderly, Or The
Baby?
---
More stories and tech updates at:
Don't miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text:
855-385-5553