Dec 8, 2018
Want to add two years to your life? Wear an Apple Watch. Yes indeed, researchers found that just that extra day and a half of physical activity a month increases your expected lifespan by about two years.
Marriott, Marriott, Marriott, Marriott. They are a hotelier, they've got restaurants, etc. And they have some entertainment complexes. So, that's the business they are in, they are not in the IT business and they are not in the security business. Marriott bought Starwood resorts wanted to move them off of this crazy PC system that they had and move them over to a mainframe system. Bad guys had been in their systems and able to access them since 2014.
Do you know how much it takes, how much time and effort and money it takes, to become a data protection officer? It's incredible. It's absolutely incredible. 90 minutes is what it takes to take the course to pass the exam to call yourself a GDPR compliant data protection officer, 90 minutes. Amazing.
These and more tech tips, news, and updates visit - CraigPeterson.com
---
Transcript:
Below is a rush transcript of this segment, it might contain errors.
Airing date: 12/08/2018
Hackers Using New Email Attack
Craig Peterson: 0:00
Hi everybody. Craig Peterson here. Welcome to show number 984. Wow. We've been busy. And that's a weekly show. 994 By the way, we have been on the air for many, many years. And those people who've been listening on to podcasts you know I've been podcasting for narrow on 20 years of course before it was even called podcasting. But today we are doing both on the air and podcasting. If you want to listen to the podcast just sign up go to http://CraigPeterson.com/iTunes. You can also while you are there, leave a comment hopefully a little five-star review. I've appreciated those people that have taken the time to leave their comments or send an email to me@craigpeterson.com and let me know what they appreciate about the show. What are the things they got the most from and the most of just me@craigpeterson.com. I really appreciate your feedback. And the show, as you might imagine, is a lot of work to put together. And you know, it is a labor of love. And I really hope I'm helping you out. Well, today, of course, we are going to be covering some of the technology topics that are going to impact us the most. And typically, that means security stuff, doesn't it? So we're going to talk a little bit about 23andMe. And this ties into a bit of a theme this week. How much information do people have about you? What are they doing with it and should you worry about it because there's another one, Delta. Yeah, Delta Airlines in Atlanta, they've got the US's first biometric terminal. We'll talk about that and see if that's something that maybe, maybe you want to avoid. We got a Marriott hack. Of course, we're going to talk a little bit about that this week as well. Because that's a very, very big deal. And in fact, I am going to this coming week make another free offer. We've been working on it this week, a special report not going to cost anybody a dime with some really cool free upgrades as well. I really want to get more information to you.
So we'll be talking about that but all about how to keep your credit safe. What is a credit report mean? I saw a stat last week that really kind of surprised me. And that is that three out of five Americans have never gotten their free credit report or any free or paid right to look at three out of five. So we're gonna have a special report on that that's going to be coming out, we're gonna have a special report on how to absolutely protect your credit, don't send the money off to Lifelock or some of these other guys out there, you can do better in fact, than Lifelock is Lifelock is going to notice after the fact hopefully that someone has tried to open an account in your name, and then you have to deal with it. Or hopefully, they'll notice that someone just stole money from your checking account because of your debit card miss being misused. Hopefully, it's going to get all squared away. But it's going to take your time, your money, and it can be just a total disaster for you. So there is a way to make sure it doesn't happen in the first place. And we're guaranteed in this day and age that if we haven't been hacked, we are about to be hacked, right. Just think of all of the major hacks over the last couple of years. So I've got a solution we've been working on it we're putting it all together and we're going to offer to you our listeners anybody on my insider's email list, so make sure you are subscribed. We've worked hard on it this week. It's not quite done yet I had hoped it would be done before the show today so make sure you are signed up for my email you can go to http://CraigPeterson.com/subscribe and give me your name and email address. I don't harass you I don't sell my mailing list to anybody use it to get my weekly show notes out to you. And if we have these free special report to let you know or the free master classes or master courses that's what we use it for. 
It's for getting information out so http://CraigPeterson.com/subscribe if you've already done it. Hey, thanks to you. I really appreciate it. We are down below 4000 subscribers. I think right now because we've been cleaning up the list. So if you haven't been opening my emails or you haven't been clicking on them in the last six months we've deleted you from our list and you might have to re-sign up so again http://CraigPeterson.com/subscribe, I'm going to immediately small You know, my system is going to immediately send you an email to verify it was you have to click on that link. So it'll show up in your mailbox a minute to two minutes later, click on that link to confirm it. You and then you be on you'll be able to get these special reports that are free you're going to be able to get these master classes that at least information about them that are free and the master courses as well, as they are released. And, and special alerts about some of the worst things that are happening out there. And by the way, if you are a podcast listener, and you are not subscribed, you can get it at http://CraigPeterson.com/iTunes. But that's another great way to find out what's happening in advance of everybody else. Because Monday, Tuesdays, and Wednesdays I typically release a podcast and it's me on some of the major radio stations throughout the northeast and the interviews that I do I'm a guest on those shows and I will be talking in those shows I always talk about the latest and greatest in technology sometimes on other stations but usually it's it's iHeart. It's the old Clear Channel media guys thanks to them as well.
Craig Peterson 6:07
So in addition to the bad news this week there's a very cool story
and that's how I want to start out today you'll see it up on my
website at http://CraigPeterson.com
and this is out of the UK but it's talking about some new research.
Did you know that having an Apple Watch could add two years to your
life? Yes indeed researchers that wanted an Apple Watch for
Christmas
Craig Peterson 6:34
kidding although hey maybe this is a good, good excuse right?
Researchers have found that and looking at 400,000 adults that
those that had the Apple Watch or other fitness trackers and use
them to track their fitness saw active saw their activity levels
increase by more than a third that's pretty much now if you add all
of that up and you look at the stats here that people with
trackers managed four and a half or almost five days really five
days activity a month on average. So it's not like these are gym
rats, right? These are just regular people you got the tracker it's
in your Apple Watch remind you should go walk in right now. So it's
five days if you have the tracker versus three days, three and a
half days for people who don't have the devices now what's
interesting is that just that extra day and a half of physical
activity a month increases your expected lifespan by about two
years. Isn't that amazing? Now some of the biggest changes we're
seeing amongst people who were overweight and the people who were
the least active, to begin with and I think that kind of makes
sense right that at least it does to me this was commissioned by
health insurers over in the UK. Health Secretary Matt Hancock the National
Health Service over there was the forefront in the digital
revolution in health so very good technology and a great excuse to
start using one of these fitness trackers Of course just having it
doesn't do anything you got to use the darn thing okay Marriott.
Marriott, Marriott, Marriott, Marriott. Now I don't want to totally
blame Marriott for this because Marriott is someone that found the
problem, you know Marriott's been on an acquisition spree they have
bought some amazing hotel chains. But as is often the case in
business, we are involved with our day to day operations. Right,
Marriott? It is a hotel business. Right, it's a hotelier, they've
got restaurants, etc. And they have some entertainment complexes.
So that's the business they are in, they are not in the IT business
and they are not in the security business. At least that's the
mentality. That's the mentality, I would say, of 99% of the
businesses I talked to,
Craig Peterson 9:08
and I get it, Okay, I get it, I get it, I get it. You make widgets,
right? Or you have clients that you're servicing. But in this
day and age, you have to have competent IT people and even more
competent security people. Because if you don't have those people
on your staff, you're going to be in trouble. And we see it again
and again, you saw what happened with TJX, the TJ Maxx stores
where they were hacked. And they were hacked in a crazy big way. We
had Home Depot, they were hacked, and in both cases, they should
have known better and we can get into a lot of the details about
it, Equifax, they should have known better Heck, they are in the
technology business, right? They're keeping tabs on all of us and
our credit scores. And that makes sense to you. Well, they bought
this chain of hotels known as the Starwood. Right. Starwood
something group. I can't remember what it stands for. But it's now
called Marriott Starwood division and Marriott uses mainframes and
I think that's a brilliant idea. By the way, you know, using PC's
for most larger companies is just absolutely insane. It just
doesn't make any sense. So Marriott bought Starwood resorts wanted
to move them off of this crazy PC system that they had and move
them over to a mainframe system. Now, don't get me wrong, right?
There are places where PCs make sense. In those cases, you might
want to look at Apple or even a Linux terminal desktop depending on
what you're doing. It may or may not work for you or even better in
this day and age iPads with something really powerful and strong
behind them but anyways, Marriott is using these mainframe
computers so they had to take the system that Starwood was using
and port all of the data over to the mainframe and they've been
working on it they got it completed this summer sometime well as
they were going through this their security people over at
Marriott. Notice something now something weird, and
Craig Peterson 11:22
I gotta stop for a second and say something weird is usually a sign
people don't put on blinders. Don't ignore it. You know, I complain
about my kids just walking past the trash cans, right? Trash days.
Wednesday, what day is it today, kids Monday, Tuesday,
what are those down by the street because every day I see the trash
cans out there. And now you're trying to remember to remind the
kids to take care of it. And most of the time I grabbed the trash
cans or my wife grabs a trash can, right and brings them up to the
house because they're just not noticing that detail. And it's a
pretty prominent detail. We have some big trash cans, right? I got
a big family. There's a lot of trash every week. And they still
manage not to notice it. And we see this in a business where
something weird has been going on. It's been going on for a while.
But you know, we were still able to do our business. But in many
cases, it's an email thing. But you know, can you come and have a
look at this. Our emails just acting weird, it's slow. We're not
sure what's happening are some of our customers or vendors and been
getting emails from us that we didn't think we sent and what's
going on.
Craig Peterson 12:41
So we see this all the time, we brought the FBI in on one of these
investigations that started just with weirdness in the email that
was ignored for a long, long time. And it ended up we found Chinese
active Chinese backdoors right into their systems. Okay, so so
don't ignore weird stuff. Well, in this case, Marriott security
guys noticed some weird stuff because the computer systems that
were running brands you've heard of, and you may have stayed in
like W Hotels, Sheraton, who has stayed in the Sheraton, Le Meridien
and Four Points by Sheraton and some others, right. Just think of
all of the Starwood properties.
Craig Peterson 13:26
I stayed in the Le Meridien when I was in Paris. Last and I've
stayed in Sheraton's and I stayed in a W, we had a conference in
the W. And I've stayed at Four Points. I stayed at all of those
hotels. So they're going through the data, they're going through the
databases, the monitoring the systems as they're integrated into
their new mainframe, and they notice some weirdness. Well, it turns
out that what has been happening, just like with this client that
we picked up just a few months back looks like what's been
happening is bad guys
Craig Peterson 14:01
had been in their systems and able to access them since 2014. So
let me see it is right now as we are talking, in fact, it's almost
2019. And that means they went in for what almost give or take four
years. And apparently, they discovered that this unauthorized party
had copied and encrypted information on their systems. Now,
encrypting your information that kind of sounds like it might have
been one of these ransomware type things, hard to say. Where they
tried to hold stuff ransom, did the Starwood group not even notice
the ransom emails, I'm going to come in? I, I don't know. Right?
I'm kind of only half joking here. But the databases that
apparently were stolen they were copied contained records of 500
million customers think about that number. What would happen with
you and your business how many customer records Do you have what
would happen if your competitors got a hold of that data right what
would happen if it was personally identifiable information like it
was here with Starwood apparently about 327 million guests records
included some combination of name, address, phone number, email
address, passport number account information date of birth,
sex, arrival and departure information so that's everything a
scam artist needs to scam someone and we're going to talk about
that here that's going to be next got another article we'll get to
about how those scams are perpetrated right now but wow.
Craig Peterson 15:57
Now some records also included according to Marriott included
encrypted payment card information, but could not rule out the
possibility that the encryption keys had also been stolen. So not
entirely Marriott's fault it was Starwood, they weren't in like IT
or security business, no, they are in the hotelier business,
right? Now everybody's in the IT business nowadays, pounding
the table here drives me crazy. You've got to have competent
security people in that does not mean the guy that spent an hour
and a half or maybe six weeks in some security course they don't
know enough, they can't do enough. You have to have experience.
We're working with a client right now over in Europe. And this
client has to comply with the new GDPR regulations in Europe as you
do too. By the way, if you have a single customer in Europe,
okay. And he hired a data protection officer. Well,
Craig Peterson 17:08
Do you know how much it takes how much time and effort and money it
takes to become a data protection officer? It's incredible. It's
absolutely incredible. 90 minutes is what it takes to take the
course to pass the exam to call yourself a GDPR compliant data
protection officer, 90 minutes. So we did a cyber health
assessment
of their network. They have like 40 computers on their network,
they're a smaller business and we found incredible it was it's over 100
million euros worth of liability. So, we gave this new data
protection officer the report and we said hey, listen, you know, we
talked to them first, and we sent them the report after Hey,
listen, there's a lot of data in here. We're more than glad to go
through it with you, review it, help you understand it, whatever we
need to do to help you out because there's some serious
deficiencies here and Okay, great. Yeah, we'll do so we
Craig Peterson 18:09
he sends back a message a few days later because we had detail
in there every computer every problem on that computer, the fact
that there was no anti-virus, etc. So, he sends a thing back
saying, well, Windows Defender was on these computers. Yeah, okay.
But Windows Defender is not considered to be a third-party
antivirus and does not meet any of the regulations.
Craig Peterson 18:33
If you're regulated industry at all. If you take credit cards,
Windows Defender is not enough according to the laws in the
contract, you will have signed and you should read that detailed
contract. If you collect credit cards as to what that means, okay,
pay attention to the details.
Craig Peterson 18:55
And then he says, well, it has McAfee's Malwarebytes on this one
machine. Well, Malwarebytes has nothing to do with McAfee
Malwarebytes, by the way, is great software, okay, don't get me
wrong, we use it. But it's just one piece, you have to have this
onion. So I'm sorry, I'm just kind of going crazy here. But
Starwood thought they were not in the security or IT business
obviously every business today that I can think of except maybe Mr.
Slate from the quarry on the Flintstones every business I can think
of today has IT and depends on it and depends on security So
please, please, please, please, please please vet your people and
we have a special report in the works again another free special
report that talks about how to vet these IT people, how to vet some
of the people that might be trying to handle your security so that
you know and if you're on my insiders list I will definitely let
you know when that's how that's going to be free as well
again http://CraigPeterson.com/subscribe
so that you have all of that information. Okay. Alright, so I'm
going to go right now into attackers here. What's going on? Why
does the email address matter?
Craig Peterson 20:26
I was talking this week with a couple of people about this real
problem that we're having right now. No, you know, if you've
listened for a while that the FBI says the business email
compromise has cost $12 billion in losses. That's pretty dramatic.
And that's over the course of some years, a few years, but $12
billion is huge. So, I thought we'd take a couple of minutes right
now since we were just talking about the Marriott hack and if you
wanted to know more about that by the check out my podcast I talked
a lot about it earlier this week, which is just CraigPeterson.com/iTunes.
And there's quite a bit of background information
that I gave this week. I'm not going to get into that anymore right
now. But here's the problem, right?
Craig Peterson 21:17
Why would you care? Why do you care? Quora was attacked this
last week, they disclosed that they lost personal information and
Quora's a website. A lot of us use Quora, I love poking around on
Quora, why would you care, that Starwood got hacked? Right? That
new Marriott division 327 million people if they don't have your
credit card? What does that mean? If they do have your credit card?
What does that mean? You know that having your debit card in the
hands of the bad guys is very painful because any money they steal
by using that debit card number comes where does it come from? Your
checking account, right? So we already know that. How about your
credit card? If you notice that there were fraudulent charges on
your credit card, you can report it and no big deal, right? At
worst, they're going to issue your new credit card and you're going
to have to change your credit card number with a few different
people that you have on monthly payments, right? Not a terribly big
deal. How about your email address, right? That's even that's even
less worthwhile. I can see Craig I can see that having my bank
account number stolen is bad debit card numbers. But you know, come
on, what am I going to do get some more spam? Yes, you're going to
get some more spam but it's a specific type of spam that we're
really worried about here I mean, really worried and I got a great
article up on my website CraigPeterson.com from SecurityWeek
that I think you might know, want to have a look at. But here's the
bottom line. If they get your email address, things become simple
for them to try and scam you. And remember, I just said how much
was that number from the FBI. $12 billion.
Craig Peterson 23:19
That's huge losses, you know, no matter how well I guess if you're
the government, you might not notice 12 billion. But $12 billion is
a lot of money to anybody.
Craig Peterson 23:32
What they're doing is the attackers will use social engineering
now, because they have your address to pose as a colleague or
business partner. So they'll run your email address through some
databases, figure out what the business is maybe a couple of other
people in the business that they can reach out to, if you're a home
user, they'll try a completely different tactic. But they are going
to try and trick you and they're going to try and trick you into
doing something you shouldn't do. Now, that might be as simple as
just clicking on a link. And we know that's been effective for a
lot of years. But these guys are getting better and better, the
emails can be quite convincing. The attackers now are making a
significant effort to identify an appropriate victim register a
fake domain. So at first glance, the email appears to belong to a
colleague or a supplier. I have personally seen intelligent
educated people who have fallen for this and its really, really big
account takeover here. Now attackers are using information and they
are going after you they have special malware now, keyloggers that
they'll put onto your computer and hijack corporate email accounts.
It can be as simple and I've I've pointed out this video before had
it up on my website. It might still it's probably still there. I've
got stuff for the last 15 years up there, but of how a hacker from
Eastern Europe used social engineering. And what she did was
pretend to be somebody's wife. Because she was able to figure out
the guy was out of town, and he was on vacation. And that's not
hard to figure out. How many of us are posting on Facebook or on
Twitter, or announcing here on the radio that we are leaving town?
Bad, bad idea. So they now get access to your email box. Where does
the change my password link? Go? Think about it. Where's the last
time you changed your password? Hopefully recently, where does that
link go? Where does it take people? Well, that link goes to your
email box. If they now have access to your email box which is
relatively easy for the bad guys to do. They now can reset your
bank account or other information Okay, that this goes on and on. I
should produce some training on all of these individual things. But
anyways, keep an eye out. I've got some special reports coming out.
Make sure you have subscribed http://CraigPeterson.com/subscribe,
get my insiders list. I don't harass you. I'm not some internet
marketer. That's just selling stuff all of the time. I really am
trying to help. And I was able to talk to quite a few new clients
this week. And including a construction firm right here in the
state and help them out and gave me some ideas of some other master
classes we should have about how to do backups, how to have data
protected at rest, how to do encrypted vault, all stuff that's very
complicated for the average person, the small business, the Soho,
right small office, Home Office, so we got some great ideas from
that and I'll be doing those we're gonna be doing master classes on
all of those guaranteed not this year. Okay, we don't have much
time left. I have a lot of stuff to do before the end of the year.
If you have ideas about things you think I should either talk about
on the show or maybe I should be posting online or some master
classes that you think would be useful to you and your business or
your home. Email me@craigpeterson.com. me@craigpeterson.com
or you can text me anytime 855-385-5553 that goes straight to me.
And I usually can get back to you pretty quickly on weekends. Wait
till Monday or so 855-385-5553 with any questions or comments that
you have right there from your cell phone. Obviously normal data
and texting rates will apply. Have a great week and we'll be back
next week with more from Craig Peterson. Bye-bye.
---
Related articles:
Apple Watch Could Add Two Years To Your Life, Research Suggests
Attackers Are Landing Email Inboxes Without The Need To Phish
Delta Says USA’s ‘First Biometric Terminal’ Is Ready To Go At Atlanta Airport
Mastercard, Microsoft Team On Digital ID
Handgun Buyers Would Have To Give Cops Social Media Passwords Under New York Proposal
---
For questions, call or text:
855-385-5553