Oct 27, 2018
Yes, the Chinese are coming after US small businesses. Listen in as Craig tells you about a local NE Company that got hit with Spear Phishing that contained an unknown never before seen virus.
Do you use Facebook? Do you know if your information was stolen during their last hack of 50 million users? Craig talks about how that information is now showing up on the Dark Web.
Are you investing in Cryptocurrencies? Today Craig talks about Cryptocurrencies and Blockchain technology. Warnings and Advantages.
Would you visit an AI Doctor? Would you know? The Future of Medicine will include AI and Google shows how it happens and how you may not even know.
Craig is putting up a new insider site (Yes, it is free, but you have to sign up) On it will have all his special reports that he puts out and you will be the first to get them.
These and more tech tips, news, and updates visit -CraigPeterson.com
Below is a rush transcript of this segment, it might contain errors.
Airing date: 10/27/2018
Chinese Hackers, Future of Medicine and Google AI Chatbots, Facebook Hack showing up on Dark Web, Fake Videos, NIST Security Standards
Craig Peterson: 0:03 Hi, everybody. How's that for a little drum roll introduction. This is Craig Peterson. Glad to be here with you today. We've had a busy week, Back at headquarters. We ran a webinar. Again, another one for the FBI this week. And this one really kind of scared the living daylights out of me. I guess. You know, some people say, hey, Craig, I listen to your show. And I'm always just scared when you're done. Well, listen, I'm scared to. It's crazy what the Chinese are doing when it comes to stealing our technology. Doing it on a government-sponsored basis. You know, I hear from people, that you just can't hide anymore in the world today, unless you've got a government helping you. Well, when it comes to hacking. Think about that just for a minute. Can you protect yourself against the government that's coming for you? And, this week, we had a client, who we got just a few months ago. They were under severe attack, like 5000 an hour, that were directed specifically at them. We are talking about spear phishing emails aimed at them. And they provide, again, some equipment, this is another customer, I haven't talked about these guys before, I don't think on the air, but they provide equipment that is used, ultimately by the government. And it, obviously, it's the Chinese and they're going after this. So, all of our alarms started going off. We were capturing them. The other thing that's really kind of unique, you know, when you think about having your antivirus software and stuff on your computers, and how ineffective it is, frankly. In this case. Obviously, there's anti-virus type software in place. But, we have something that allows a what's called a retrospective pull back. So, we were seeing in the course of an hour, as I said, 5000 attacks coming in, most of those were via email. And, what was really interesting is most of those attacks were with virus type software that had not been seen before. Now, we're not talking about, if you were on my webinar on Thursday, my free webinar, you learned a little bit about what a polymorphic attack is. Where the software is constantly changing itself. And, I found a lot of people didn't even know that was possible. But that's not what was going on with this client. The software wasn't just changing itself, so that it had a different checksum. Because that's how a lot of this anti-malware type software works. It's taking a checksum. It's kind of like your own immune system saying, oh, I've seen this before I know how to deal with this virus. No, it was actually, different ways of trying to get around the protection software. Now, what's really kind of fascinating about this, at least from my standpoint is. this company had approached us a couple of months ago, we actually talked to them about a year ago. And they said, Oh, no, no, we're, we're all set. I think we're okay. We just, we can't afford to kind of try and do this, right. And then they reached out to us two or three months ago, saying, Oh, my gosh, I think we lost all of our intellectual property. We might have lost all the client records, everything. All their stuff was stolen from them. And this is what I warn small businesses about all the time. This is why I'm doing the hundred free cyber health assessments this year. I'm not, you know, I normally charge for these things, anywhere from one to $5,000. But I'm doing just kind of a micro-version for 100 businesses, because I really, really, really want to help businesses. Help them understand what their footing is. Understand what would happen if they got hacked. Well, anyways, these guys came back to us and said, Whoa, is it too late? Is there anything we can do right now. So, we tightened everything up substantially. We put in the proper types of firewalls, not the things you buy at Staples, or that your local break-fix shop that sells your computers to you. Not those types of firewalls, but real ones, professional ones. And professional switches as well, that are all managed, but not just managed. But this all operates as one big network monitor. Everything going on inside of the network is monitored. Everything going on is examined for known problems. And, then it's behavior is analyzed as it's trying to run on a machine or go through network, and further data is gathered. And, it goes so far as we will literally shut down the port that that machine is on if something malicious is happening. So, in this case, what happened is the software came in, it wasn't something that any anti-virus software has seen anywhere in the world. Now, we are tying this in with a billion endpoints around the world. That's a lot of data. And, all of this data is analyzed. And, there's an AI type machine, this looking at it all, plus there's people that look at it. And, in fact, in this case, they looked at it and said, Whoa, wait a minute, because it looked like it might be something going on here. So, we automatically send a copy of that software up for further analysis. And, so the analysis happened and our guys looked at it and said, Whoa, wait a minute. Now, this, this could be a real problem. And so that's where the retrospective analysis comes in. We initially looked at it and said, I'm not so sure about this, we're going to kind of quarantine it, keep an eye on it, make sure it's not going to do anything evil. And if it starts to, we will back it out. And that's what we had to do multiple times this week. Most of that was automated. But just, you know, wait a minute. Now, retrospective is showing that this could be really malicious stuff. And, so we ended up this week, with dozens of different samples of malware that we ended up working with Cisco TALOS on, that they had never seen before. No one has ever seen before. We were debating if we should bring that up with the FBI or not. But you know, that we will let TALOS worry about it this time. But that's what's happening, right now, right here, right here in New England. And, it's happening all around the world, as well. But, this is somebody I know, this is a client, they're coming after us. And I can't emphasize this enough. If you're a small business owner, you can not afford to use that hundred dollar a year anti-virus software and think that you're safe. Because, you're not. So, that's what these webinars for, I'm going to be doing more or less one a week. And we're talking about different aspect of security and, and some of the technology you can use as a business person. I'm not selling anything, okay, people I've been doing this radio show for more than 20 years. And it's all about keeping people up to date. And as a small business person, you've got to stay on top of this. I know you're already losing sleep over it. I know you're fighting with your wife, kids and employees about it. Yeah, you know, who wouldn't be you've got all of your employees online, doing who knows what, all day long. And if you have multiple shifts all night long. And a lot of the times they are causing you nothing but headaches. Because when we talk about the attack this week, we're talking about the thousands of attack attempts against this one company, all it would have taken is that, for instance, just a simple one, one of those emails getting through and one of those employees clicking on that email. Now, in the case of our client, they still would have been okay, because we were stopped it. It could have been backed out retrospectively, if something happened. And clicking on that link and trying to go to another website, we are blocking that proactively, as well, when it becomes a bit of a negative site. So, there's just all kinds of gyrations going on behind the scenes. But it's huge. And then to have an expert that I interviewed on the FBI InfraGard webinar on Chinese stuff. Oh, my gosh, that was just incredible to hear what's going on. And by the way, again, if you're a small business guy or gal, a big business guy or gal, you're involved in any part of the critical infrastructure to this country. This means you're in finance, maybe you're part of a power company, maybe your maybe your law firm that has information or healthcare organization, make sure you join InfraGard. There are chapters all over the country. I think there's like 80 local chapters. Last I checked, you'll find them online at InfraGard or I N F R A G A R D dot org or you can always just send me an email just me, M E at Craig Peterson dot com. That's how you send me an email because I'm Craig Peterson. And I'll point you in the right direction. It's a volunteer organization. We're all volunteers, but to hear what he had to say. And I've got the video done and it's going to be posted up on the Infragard website as well, about the Chinese and the Chinese hackers. But they really are at it out there. It's, it's just going crazy. Let's see, I just had a text come in, and my 855-385-5553 number 855-385-5533 asking who it was. If you want to find out more, you can find them online. The guy's name was Joshua Phillip. He's a senior investigative reporter over the Epoch Times and he's been following China for a long time. And you can find them online at theepochtimes.com that the E P O C H T i m e s dot com there are some just amazing things that he's uncovered and he was sharing
Craig Peterson 10:14 you know. Unfortunately, the FBI InfraGard webinars that I run are closed, only for InfraGard members. The other ones that I'm running are wide open for anybody, and you're welcome to attend. And we got some pretty cool stuff coming up we're going to be talking next week a little bit more detail about backups and how can you make sure your backup is working. What are some of the backup software packages you might want to look at if you're going to try and do it yourself and all of that? So, it's going to be an interesting time. I'm not sure what day we're going to do it I think we're aiming for Thursday or Friday next week. But I'm traveling next week and the week after so it's gonna make a little difficult but if you sign up on my website Craig Peterson dot com, you will see right there sign up form, and you can get on my waiting list. And I'll let you know when the next webinar comes up. But absolutely free. Just trying to get the information out there and, and help people out. Cause it's a scary world, frankly. Can't imagine some of these people waking up in the morning and having everything stolen. But anyways, mumble mumble right.
Craig Peterson 11:25 Well, we talked how a couple of weeks ago about this Facebook hack. You know about the hack. I'm sure it's been on the news. A lot of media outlets have been talking about it. 50 million users got hacked. And, and Facebook's been kind of slow in saying, Who was hacked? What was taken? Informing people that the hack had happened, right. Well, now we're starting to find out what really happened because the independent which isn't you'll find them online. They're actually based in the UK, Independent co dot uk The Independent newspaper has now found people's Facebook accounts hacked and selling for between three and $12 on some underground black markets. Basically, on the dark web. Now they're being found on dream market, which is probably right now, they are the leading online marketplace for illegal information, stolen information, online. They've got a similar rating system to Amazon. Do you like that? Where they say yeah, these guys are legitimately bad guys. But, you know what, there is honor amongst thieves, so trust us. They are selling the Facebook credentials, and the people that are selling these appear to be pretty well trusted on the dream market. So, the data is probably authentic. You know, we'll have to see. But you've got to use of course these semi-anonymous digital currencies like Bitcoin or Bitcoin cash in order to buy them. So, if they were able to sell them, what would that 50 million Google or excuse me, Facebook accounts be worth bottom line? Well, probably somewhere between 150 and $600 million dollars. Isn't that just amazing when you think about it, personal information is just incredibly valuable out there on the dark web so here's
Craig Peterson 13:31 Bill Connor, he is a security guy out there, and he does a lot of work with the US/UK governments as well. Quote, personal data and personal information is simply too valuable on the dark web as long as stolen data continues to fetch high prices and equip perpetrators with the means necessary to carry out attacks hold victims ransom, extort information, or destroy property, organizations must exhaust all measures to diligently detect and protect their networks, devices, and users. End quote. And then we have what we just talked about, right with China, where we've got nation states also going after all of that data. We got to take this very seriously, I don't, I don't know that we're taking it seriously enough, individually. The federal government has some new rules that went into place in October 2018 this month. And what the feds are saying there is all government agencies have to meet these minimal standards that they have established. And these are basically the NIST standards, but only about half of the federal government agencies meet these standards. And just because they meet the standards does not mean that they're safe. That was another thing we covered on Thursday's webinar. When it comes to you and your business and trying to keep all of your data safe. There are rules, there are regulations, there are standard. So it's also very confusing. Which ones do you follow, and we'll be talking more about that in the open webinars here in the near future. Of course, your listening to Craig Peterson. I'm on these radio stations every Saturday morning at 1130. So, make sure you tune in. And if you want to get a little reminder so that you remember to tune in. Just text me at 855-385-5553, you can ask to be on my weekly email list. You can also ask to get these notifications, and we'll put you on them. I also send out text messages when there is a big countrywide hack or something else going on to make sure people are aware of it. Make sure you know what's happening out there. So we have all of that sort of thing, available and all you have to do is either email or text me 855-385-5553. So, now on to another cryptocurrency problem.
Craig Peterson 15:58
You know, I love the fact that called cryptocurrencies, because a lot of people think, oh, cryptocurrency it's cryptographically secure, right? That's not what it's about. Well, in fact, did a test isn't and if you've been studying cryptocurrencies for a while, you know that. You've got to be very careful. And, there are there's a story that was out this is the Reuters feed this week talking about a couple of Peggy and Marco Lockman. And they learned that some hackers had cracked their 40 character password that was used for their cryptocurrency wallet. And the bad guys took about $14,000 right out of the cryptocurrency wallet. Now these two, Peggy and Marco, just they rolled with the punches. They didn't even bother reporting it to the police and the quote from them, is
Craig Peterson 16:56
there a quote there was nothing we could do. And they also said, we've studied cryptocurrencies for about a year before investing. So, we are aware of the risk. So, could you lose all of your money in your account? This problem that Marco and Peggy had really, it's emblematic for this whole cryptocurrency market. There are some rules, but there aren't a lot. There are some rules about initial coin offerings that the securities exchange commission is trying to enforce. But really, it's it's, it's a scam, right? Okay. I said it, and I know there's people that hate me for saying that. I was at a conference a little earlier this year. And there was someone there who was just totally peddling cryptocurrencies. Now, I love the idea of having a currency that is me spending my money, right? You pay cash, just somebody and hopefully, you can't be you can't be robbed of your cash. And that's the idea behind this, isn't it? And there isn't someone in the middle like a credit card company charging the vendor two or 3% plus a per transaction, charge and everything else. Should we be able to just exchange goods for labor, you know, fair, open exchanges, you know, you know, I'm pretty libertarian about all that stuff. But in this case, we're talking about a fool's errand because the police are never going to be able to catch these people. Look at some of the major thefts, millions of dollars worth of these crypto coins that just have not being caught. These people haven't been caught. And then the 50% problem that we've talked about on the show before where if you are a nation state, or if you're big enough bad actor, you can own.
Craig Peterson 18:51 the cryptocurrency. And we're not getting into all of the technical details of how all that works, but it's decentralized. Everybody basically votes on whether or not a transaction occurred. And if you control 50% of the votes, guess what you control the currency. So, there are some estimates showing cryptocurrency crime is on the rise. I know part of the reason for the value of cryptocurrency is crime. It has been ransomware, which we talked about on our webinar this week as well. Our open webinar. So, you know, law enforcement agencies there's not equipped to be able to handle this very often. It looks like are, you know this is a guess, but that most of these crimes are just not in, you know, investigated. The thieves can be anywhere. They can use your money anywhere. It's not like a credit card that can be shut down. So, be very, very careful if you're looking at cryptocurrencies. It is probably the most speculative market that there is out there. And I know there's people that completely disagree with me. That think it's a great investment. That cryptocurrencies are the future. That the whole blockchain technology is what's going to keep our privacy. In fact, and there are people who are saying we should be using blockchain to identify ourselves as being who we say we are in this day and age of stolen identities. I don't hundred percent disagree with them. I think there's some good opportunity there. But, if you're a little older, and you're concerned about losing everything you have. You just might want to think twice about it. Now this article by the way from Reuters. I put up on my website Craig Peterson dot com so you can read it right there.
Craig Peterson 20:44 Well, next up here, your doctor appointment. Have you seen the ads or heard the ads, I know, I've heard them on some of these stations before. But the ads where there is now an app that you can get for a psychiatrist. So, you're having issues need to talk to someone about it? Well, there's an app for that. And as we go forward, there's going to be more and more of those. We've already seen people going to Dr. Google, in order to figure out what might be the problem. And of course, Google is not a great place for that. It can't ask you questions, It can't drill down. It's not really designed to do that. But there are some apps that are. You've got Babylon, Adda, ADA, your MD, doctor dot AI. But right now Babylon is a front-runner because it's been integrated with the UK is National Health Services. So, it's showing how this type of tech can change the way health services are run, and also how they're paid for. And you've seen the new Apple Watch four which has the ability to monitor your cardiac rhythm to a degree. There are more and more medical devices that are being tied in. On the part of this whole IoT, the Internet of Things. And your next appointment with your doctor may well be, just AI based. I have a medical program that I'm a part of where we get as; basically, you get on Skype, and you can talk to a doctor and get a diagnosis, and they can prescribe basically antibiotics, not much more. I was very disappointed by that. But anyway, but you can find out if maybe I need to go to the local clinic or to the hospital just by hopping on to a website. So, this is the future. And you're going to be able to have a chat back and forth, already chatbots that are running on Facebook, you might even have spoken with one before, and a Customer Support Center and not even realize that you were talking to an artificial machine. Earlier this year we had Google demonstrating, its ability to make a hair appointment for someone. It sounded like a real person. But in fact, the phone call was made by a computer robotic voice got on and made that phone call.
Google AI ChatBot 23:20 Hi. I'm calling to book a woman's haircut for our clients. I'm looking for something on May third. Sure. I give me one
Google AI ChatBot 23:29 Mm-hmm.
Hair Salon 23:32 What time are you looking for around? At 12 pm. We do not have a 12 pm available. The closest we have to that is a 1:15. Do you have anything between 10 am and 12 pm? Depending on what service she would like? What services is she looking for?
Google AI ChatBot 23:53 Just a woman's haircut, for now. Okay, we have a 10 o'clock. 10 am is fine. Okay. What's their first name? The first name is Lisa. Okay, perfect. So, I will see Lisa at 10 o'clock on May 3. Okay, great. Thanks. Great. Have a great day. Bye.
Craig Peterson 24:12 Now. If that doesn't freak you out? I don't know what would. That was the Google artificial intelligence calling the hair salon. This is the future and not the distant future. That was real. Now they did another demo of a restaurant with some really weird questions and things that was kind of interesting. But when you're dealing with a human, you never know what you're going to get, right, when it comes to questions and stuff. So, keep an eye out for this. I think AI doctors are right around the corner.
Craig Peterson 24:51 Now we talked a couple weeks ago about some of the
Craig Peterson 24:57 the fake video that's out there, right and how it's so easy to create a fake video. And paste somebody's face on to it that wasn't there. You know, this has huge implications for the future. And I spoke to Jim Polito about it as well, on his radio shows. It's very concerning, and it's very difficult to stop, and I've got an article up from the Washington post on my website at Craig Peterson dot com, talking about this. And it shows a video that was shared in early September on Facebook. And you might have seen this that the caption said a Capital airlines Beijing to Macau for the flight carrying 166 people's made an emergency landing and Shenzhen on 28th August after boarding the landing attempt in Macau due to mechanical failure, the airline said. So, that's what it said. If you watch the video, you saw this plane, big commercial plane doing a full roll maybe a few hundred feet off the ground. Then it looked legit, but it was not. And Geoffrey Fowler, who's the guy that wrote this article did a whole bunch of research into it, contacted Facebook. And Facebook is saying, by the way, they're going to be adding 20,000 people to their investigative team to help detect this type of fake video, in the future. But millions of people were fooled by it. Hey, that's it for today. Make sure you sign up for my webinars. Okay, these things are free. I'm doing 100 free cyber health assessments for small businesses by the end of the year, this year. So you can find out more just go to Craig Peterson dot com. You can sign up. You'll learn a lot about what's happening out there. I go through in some detail, help you understand it, gave you some tools, some how to's. And above all, a good success path to make it through all of these can be confusing things. So, have a great week. Any questions just text me 855-385-5553 or email me at Craig Peterson dot com. Take care. Bye-bye.
More stories and tech updates at:
Don't miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text: