Mar 23, 2019
That last tweet or Facebook picture may raise your insurance rates. We will explore why.
Extortion and the Internet. Now even normal people are the targets of these tactics. Unpacking the trend in Virtual Kidnapping.
Who's watching us? Why? Yes, it is time to talk more deeply about Surveillance.
For all this and more tech tips, news, and updates visit - CraigPeterson.com
---
Transcript:
Below is a rush transcript of this segment; it might contain errors.
Airing date: 03/23/2019
Using Social Media Posts For Insurance Rates - Virtual Kidnapping - The Surveillance State
Craig Peterson 0:00
This has kind of become my theme music, hasn't it? Over the last
couple of months.
Craig 0:09
I like it. I've been using it in all of my training videos and just
all over the place.
Craig 0:13
And it's nice because I have the rights to use it, right? I don't
have to worry about getting banned on YouTube or some other place
because I'm using music I don't own right? Copyrighted stuff. But
it's crazy when people do that. And just, I guess just don't know.
Well, we have a bunch to talk about today.
Craig 0:34
Also, I don't know if you caught it this week. But make sure you
catch my podcast at http://CraigPeterson.com/iTunes. But I talked
about two business problems. This week, we got a huge aluminum
manufacturing giant over in Norway. It's not just a basic
manufacturer, I mean, these guys are huge. It's called Norsk Hydro,
they also provide power and other things, had to shut down because
they were nailed with ransomware. So I went through what happened
there, what the whole thing was about some pros and cons, some
things that we as business people can kind of keep an eye out
for.
Craig 1:13
And then I also talked a little bit about this, Michael, in fact,
quite a bit about this Michael Cohen investigation and triggerfish,
and what that is all about? And yeah, I thought that they had
pretty much stopped using triggerfish and some of these other
technologies. But as it turns out, no, that is not the case. So,
that's what I talked about this week. It's a Security Thing. And
right now, of course, we are live on the radio. And we're going to
talk about a half a dozen other things that we just never managed
to have quite enough time to get to, right. We're going to be
talking about HR departments and the problem we have right now,
with the huge high employment rate, how some of them are turning to
artificial intelligence and how you might too. The guy who founded
WhatsApp has a warning for us about Facebook, and I don't know this
guy, come on, you made your money you got out and now you're upset.
Bizarre malware is disabling some safety systems at industrial
plants. And it's an interesting, quote, ethical line, unquote, for
hackers, because historically, they have avoided things that would
cause problems with public safety. But now they are no longer doing
that. I talked a bit about that as well. This week, it's a security
thing. On my podcast again, http://CraigPeterson.com/iTunes, a
massive database leak. And we know we're seeing these almost every
week but this one's more interesting, because it turns out, it's
surveillance on Chinese citizens by China. So what are they doing
over there in China's digital surveillance state and what's coming
here because these companies that are providing them with the tech
are based in the US? And life insurers can now use social media
posts to determine your premiums. That's an interesting one.
Craig 3:17
And we will start up with two virtual kidnapping scams that
occurred within 24 hours this week over in Laguna Beach. And it's
something that I have a bit of a personal tie to, not in Laguna
Beach, but these virtual kidnapping scams. One of the ladies that
work with me, her friend had one of these happen to her. In fact,
I think she got called out, this lady that works with me. And man,
Maria, the thing that happened. It was just absolutely amazing.
This is an article from the Orange County Register in California,
it's up on my website, http://CraigPeterson.com. Two
virtual kidnap cases within 24 hours, have led police to alert all
local schools. Both these incidents were similar phone calls who
were made to potential victims, with the caller demanding a large
sum of money or threatening to harm a loved one. Quote, we
definitely believe these incidents are connected and said Sergeant
Jim Kota, who last summer spearheaded assistance for Laguna mother
who sought help after receiving a threatening call. They are
happening in surrounding cities and all appear to be connected to
the same group. All of them want money transferred to an account in
Mexico. And they are directing victims outside of the city to
withdraw money. It's like they've been there before. They're
sending them all to Costa Mesa to make this payment.
Craig 4:53
So they had a report on March 7, and the victim here of this scam
had already paid $5,000. And the article goes into some detail. But
the here's the bottom line on it.
Craig 5:11
The FBI got involved about a week ago. And of course, they
investigate the scams, and they work with local law enforcement
agencies. So if something like this happens to you, you can call
your local police department. But what it is these virtual
kidnapping scams, and what happened to the lady that works with me
is that they call you up pretending they have kidnapped a loved
one. Now, usually, they found out a little bit about you, they
might have gone on to your social media to figure out who you are
or what you're doing or where you are, etc. who your friends are.
And so many of us have that information out in public on Facebook
and elsewhere. So they reach out to you, they say I'm holding so
and so hostage. And unless you make this payment, I am not going to
release, I'm gonna kill them or whatever it is. So these are
virtual kidnapping cases. Now in the case of a lady that works with
me, she got a call about a friend she has. And sometimes these are,
hey, they're out of the country, they need money to get back in,
and I'm with the government, and we're holding them because they
did something wrong, etc. There's all kinds of these scams. But she
was smart enough to call up that person and found out that yeah,
that's not me, I don't know what's going on, I'm fine. There's
nothing going on at all. So that's something to keep in mind, too,
that you can call, do a little research on your own and follow up
because these people are not necessarily really smart or thorough
in what they're doing. So keep that in mind as well. But Laguna
police department is warning people that it's happening on a wider
basis right now.
Craig 6:58
Next up, we have this questionable practice by life insurers; you
know that many life insurance companies use your credit rating, to
come up to the premium. They do that for all kinds of things now.
They do it for health, they do it for employment, looking at your
credit rating. And we've also talked before about how in some
countries like China, they're using your social credit now to
determine whether or not you're worthy for a loan, etc. You know,
five years ago, we wouldn't have thought twice about this, who
would have thought this is crazy. It's not likely to happen. You
guys haven't because we've been talking about this for what 10 or
15 years. But New York's Department of Financial Services has
released new guidelines that will allow the life insurance company
to use data from customers' social media posts to determine their
premiums. And experts are saying these rules could potentially
extend to other states and you know, some of these federally
chartered companies and agencies. So the new guidelines are
suggesting that companies can use the data from other
nontraditional sources as well, though insurers will have to prove
the information doesn't unfairly discriminate against protected
groups.
Craig 8:20
There's a bunch of really press release stuff here in the article
if you're interested that that's up at
http://CraigPeterson.com.
Craig 8:28
The National Association of Insurance Commissioners released a
white paper back in 2012, from what they call their social media
working group that address the ways that insurance companies
couldn't use social media in their marketing, and also ways to use
it to monitor customers. And they're saying that as of 2012, they
are already using it. So we've warned everybody for a very long
time, do not post things online that you don't want to have shown
up later on. Because that's one of the first things that police do
when they start investigating someone now, they'll go to your
social media; they'll search for you online. Right? Google is their
first line of investigation. And it looks like even for this
dossier they've been using to go after President Trump and try to
show Russian collusion, that even that dossier was put together
from online searches on the CNN website of posts people had put up.
Man, I heard that this week, I have no idea about the validity of
that. But what we say online, reflects us to some degree. And if
you do say it online, it can and will be used against you. Now, you
know, I like Apple, and I love the way they handled privacy, they
don't give all kinds of information out to third parties. They're
not trying to mine that information themselves to have some sort of
a significant advantage about you or in what you're doing and what
you're going etc. So Apple's pretty good about that. But remember
that Apple too, if they have a subpoena, that's obviously
legitimately issued, they will give up information about you. And
they have turned over iCloud accounts and other things. So just
because you have things online that you've posted, that are
considered private and you shared with your best friend or
your family, remember that law enforcement can certainly get at it.
Bad guys can get at it, they're always cracking into Facebook
accounts, and your friend or family has it and could possibly
reshare it at which point now it's no longer private, right? They
could repost it; they could save it, they can put it away for a
rainy day when they want to play blackmail you. So, be very, very
careful about what you say online because much of that can and will
be used against you in the court of public or company opinion. And
I think New York might have done us a bit of a favor here too.
Because it's not just about going on to social media, you know,
Facebook, or Twitter or whatever. It really goes to the next level.
You know, we've seen deep fakes, we've talked about them here
before, one of the big ones is this plane that's kind of flipping
around, and it's a big ass jet, that passenger jet. And it was a
total fake, and it was shared millions of times online. So you've
got that. But you also have legitimate stuff. But I think part of
the favor they're doing here is putting something on the record
that can be challenged. These life insurance, actuarial tables, the
car insurance that you buy, that is based at least partially on
your credit rating, how do they work? What are the parameters that
go into these? How is the program written? What bugs are there in
that program? You don't know they won't tell you. And that's part
of the problem I have with what California is doing with getting
rid of the bail bondsman. They say well; we can trust this
algorithm. No, we can't. How many times have we talked about having
computer programs fail on us?
Craig 12:20
So there are no states right now that have any rules or
regulations about how life insurance and the automobile insurers
and the bondsman can populate the data for their algorithms for
their programs. There's no rules, there's no regulations, you can't
challenge them in court. They'll bring in some professional that
says some mumbo jumbo that's beyond the judge. It's beyond the
jury, and is beyond the truth, right, all in one. But you don't
know that. We do know that. They're currently using public records
like home ownership data, credit information, education level that
you had in college or high school, any civil judgment, any licenses
you have anything they can find that's public, and even your
internet use and history if they can get their hands on it. And
now this is an extra step and people are freaking out. And I get
it; I understand that I would too. And but now we can get the legal
system into action. And I hope they do. And I hope that there's a
good precedent set and not some lousy precedent. So you know, I
just, you see that too much when you have judges, juries, and you
know, defense attorneys and prosecution attorneys that really don't
understand what's going on. And so then you end up with bad
judgments, right? Bad dicta in the cases, from the judges, etc.,
etc.
Craig 13:59
We got this massive database leak, and I found out about it over
the Electronic Frontier Foundation, I put their article up on my
site at http://CraigPeterson.com. Earlier
this month a security researcher found and disclosed and
exposed an unexposed database.
Craig 14:19
And this database was online that these things happen all of the
time, people are building software, they don't understand the
implications of what they're doing. And I talked about it in my
It's a Security Thing, podcast this week.
Craig 14:35
They just don't understand. And because they don't understand,
they're just messing everybody up. And I see this almost
everywhere. You know businesses, when you have a new product or
designing when you have a product you're using, even when you're
using a third party software as a service that you might trust,
have a true security professional look it over. And there are
security professionals available. I know there are almost 3 million
job openings in our security world out there. But they are
available, pay them you can't pay them enough to come and have a
serious look at this.
Craig 15:18
You'll pay to have an attorney come in at hundreds of dollars an
hour, some of these attorneys are over $1,000 an hour to look at
something to look at the legality because well, you might save tens
of thousands or even a million dollars in a lawsuit.
Craig 15:35
Well, the same thing is true with security.
Craig 15:40
If your data is breached, you could easily face more than a
million dollars in fines and no judge or jury is going to protect
you from that. These are fines that are levied by the regulating
agencies. And there's basically nowhere to turn; then on top of it,
you could have your customers suing you, you could have consumers
suing you because their information got out. And you could end up
with hundreds of millions of dollars in judgment against you. But
no, what are you going to do? Oh, you're just going to trust your
IT guy who was a programmer who has his bachelor's or even masters
or doctorate in computer programming from some University.
Craig 16:25
No. You need a specialist just like you go to a specialist law
firm. You need a true specialist. And the people just aren't doing
it. So here's an example of this security researcher. And yeah,
we're talking about China here. But China has hired some American
companies to build this. So in this case, this database owned by a
company called SenseNets. It's a private artificial intelligence
company that advertises facial recognition, crowd analysis
technologies. So you'd think that they would have some modicum of
understanding about security, but they didn't. And they didn't hire
a security expert to come in.
Craig 17:20
And what's that going to cost you? 100,000? 200,000? Half a million
maybe? And instead of that, they'd rather just lose the whole
business because they don't see that as a real risk. Well, let's
talk about this risk because we'll get to this Chinese company here
in just a second. But let's talk about the risk.
Craig 17:42
There was a cyber security firm that just released a little report
saying that they found at least 468 MongoDB servers exposed to the
public internet. Almost 500. Well, what's a MongoDB server? These
are database servers, the main technology group is called
NoSQL, but typically used for huge databases. So what is this
database that this company SenseNet have in them? SenseNets, excuse
me, having it?
Craig 18:21
Well, it turned out all it had was DNA samples, voice samples,
fingerprints, iris scans, and much, much more. These were all
residents between the ages of 12 and 65 that were from Xinjiang.
And they had been questioned about their use of mobile and internet
tools. Over there, just having WhatsApp or Skype installed in your
phone is classified as subversive behavior. Remember that China is
a socialist country, I don't know. But most people I get it, most
people don't want to mention the fact that they're Communist or
socialist, or they are just incredibly under the thumb of the
government. Heaven forbid, you know, we want that here, right in
the United States. Right? Yeah. Okay. And since 2017, the
authorities in China have told all of the Xinjiang mobile phone
users, they have to install the spyware app, to prevent them from
accessing terrorist information. That's a quote. Okay.
Craig 19:37
So we've got evidence now of mass detention centers, newly erected
surveillance systems, that China has been bulldozing whole towns
because of subversive behavior. All the systems in China that are
has been pouring billions of dollars into physical and digital
means of, of substantial surveillance in Xinjiang and other regions
over there in China. So it's been unclear to a lot of researchers
and human rights activists, just what extent these projects as
they're operating, you know, heaven forbid, that happened in our
country. Oh, wait a minute. It did. Right. We did have surveillance
going on. The NSA is scrapping some of those programs; maybe it
wasn't the same. Perhaps we haven't been putting people into
detention centers. But come on, guys. We're already at a place
where five years ago, we didn't think we would be, right? We just
discussed that ten years ago, where are we going to be in five or
10 years from now? Hopefully, civil libertarians are out there.
Indeed, the major parties have been stepping up; the Democrat Party
really hasn't been looking at what Obama did with significant
increases in surveillance. I kind of get it after 9/11 that maybe we
want to have a look or look see and figure out what's going on
because it kind of hit us from the middle of nowhere in some ways.
But that has to go away; it looks like it is going to go away this
year under President Trump. And hopefully, the Democratic House is
going to go along with it as well.
Craig 21:05
But now we have found out we found out more because of this data
leak that happened with this security company, I'd laugh and laugh
about that, over in the US helping China.
Craig 21:21
So in addition to some of the biometric and other information, this
database of 2.6 million people includes their national ID number
think social security number, which our government obviously has on
us as well. Ethnicity. Well, you know, we've been giving that to
our government for years and forms that we fill out. Our
nationality, our government has that. Phone number, our government
has that. Date of birth, our government has that. Home addresses,
our government has that. Employer, our government has that. And
photos, our government has that.
Craig 21:57
So all of these same things, types of records that our government
has, were found on this database online, from a company that's
selling technology to track citizens to the Chinese government. Now
over 24 hours, this database collected, just one day, 6.2 million
individual GPS coordinates linking these citizens of this province
over in China, of this area in China, connecting them to various
public camera streams all automatically where they're tracking them
in the streets, and identification checkpoints. You love that idea
of inspections right? Like Checkpoint Charlie, for those of us that
are old enough to remember that.
Craig 22:51
Checkpoints associated with location tags such as hotels, mosques,
police stations, the GPS coordinates, all located within Xinjiang
where they're doing this service.
Craig 23:05
My gosh, so Gevers, he reported a second open database tracking
the movements of millions of cars and pedestrians violations, like
jaywalking speeding, going through a red light are detected. They
trigger the camera to take a photo and ping a WeChat app,
presumably to try and tie the event to an identity.
Craig 23:28
It goes on and on. So this database exposed to anyone with an
internet connection for the last six months. Oh, by the way, some
of these other 468 database servers that were found on the open
Internet that were open, contain detailed information about remote
access consoles owned by China General Nuclear Power Group, and
through GPS coordinates of bike rentals. So there you go with the
surveillance state, there in China.
Craig 24:01
They're tolerating poor engineering, that is getting cracked down on
by the way, in western countries, Europe, the United States,
companies are getting sued over this. We were helping out a company
that, small practice, this is a doctor's office, they're trying to
upgrade. Trying to secure things trying to do the right thing. And
it was just shocking when we looked into all of these medical apps
that are supposedly HIPAA compliant. We did not find a single app that
they claimed was HIPAA compliant, that was HIPAA compliant.
Nothing being done about data at rest, and just on and on from
there. It's nuts. How bad most of the programming, most of the
software is out there. So I feel sorry for a lot of companies
because you're stuck. You are stuck. But you've got to find and
hire security experts to review what you have in place if they're
willing to do it because you know, good guys, I don't run out willy
nilly and, and look at networks and look at security setups and
everything else. There's just too much for me to do. There's too
much business out there. But you still got to do it. And you've got
to investigate the people that are working for you that say they
have a security background because they may or may not. That leads
us to our last story we're able to get to today. Well, I'll get
I'll just do this really briefly because I want to hit one other
topic, but HR departments, now, according to The Wall Street Journal
are turning to artificial intelligence to try and find talent
because good people are disappearing off the market almost
instantly. They're using AI by getting into Microsoft's databases.
Remember, they bought LinkedIn, so they've got all kinds of
information about people. It's combing through the profiles of more
than 610 million members tens of thousands of skills and titles and
the looking at behavioral data. And going on and on what jobs
candidates are applying for. Citizens Bank launches an AI-powered
career coach named Myca, which is short for my career. IBM has a
chat box that has AI built into it. And you may have to do that
yourself. If you're looking to hire. It's getting more and more
difficult to get excellent talent, especially in the IT space and
more specifically in the computer security space. And
WhatsApp, you probably heard about that if you're not using it. But
WhatsApp is a company that was purchased and became part of the
Facebook group. And man, the guy that sold it made some clear
money. I can't remember what it is offhand. But I think it was in
the billion plus range. Well, the founder of WhatsApp is warning
people. He's saying you need to delete Facebook immediately. And
this article from the Daily Mail over in the UK talks about why all
of the reasons why you should and how the disclosure of your
information is just it's rampant over at Facebook anyhow.
Craig 27:36
Have a great week we are finishing up our DIY cybersecurity course.
This week will be our last week of coaching calls. So shout out to
everybody and a big thanks to everybody that's been involved in
asking questions. And we've been answering all kinds of questions
from everybody. This week. It's getting busier. You can text me
855-385-5553 anytime or just email me@CraigPeterson.com. Hey, have
a great week. Bye-bye.
---
Related articles:
What’s a Good Alternative to Windows PCs?
Michael Cohen Investigation Involved Secretive “Triggerfish” Tracking Device
2 ‘Virtual Kidnap’ Scams Within 24 Hours Have Laguna Beach Police On Alert
Life Insurers Can Use Social Media Posts To Determine Premiums, As Long As They Don’t Discriminate
Bizarre Malware Is Disabling Safety Systems At Industrial Plants
Massive Database Leak Gives Us A Window Into China’s Digital Surveillance State
Ransomware Forces Aluminum Manufacturing Giant To Shut Down Network Worldwide
HR Departments Turn To AI-Enabled Recruiting In Race For Talent
---
For questions, call or text:
855-385-5553