Apr 22, 2022
Did You Hear About theLatest Rip-Off? Non-Fungible Tokens (NFTs) Are Already LosingSteam!
[10:54] How Law EnforcementTracks Bitcoin! It is Absolutely NOT Anonymous
[20:05] The FBI Is ActivelyRemoving Malware From Private Machines -- Without The Owner'sPermission
[29:10] Why and When You Shouldn't Trust QRCodes
[41:08] Cybercrime in Russia Tracked to a Single OfficeBuilding in Moscow!
[52:29] The Newest PhishingScams
[01:01:32] Using Wordpress?How Supply Chain Attacks are Hurting Your BusinessWebsite
[01:10:43] CybersecurityTools You Should Be Using!
Jam packed today. We're going to start with non fungible tokens.If you don't know what those are, this is a very big deal becauseso many people are investing in them right now. Are they reallyinvestments? I've got a bit of a blow back here. Most people thinkthat Bitcoin is anonymous. We're going to talk about how itabsolutely is not.
[00:00:20] We're going to talk about anonymous. In fact, theRussians, Microsoft, what they're doing against the Russians andthis little comedic thing about cars.
[00:00:28] NFTs are very big deal.
[00:00:31] I'm going to pull up here on my screen right now.This is a picture of Mr. Jack Dorsey. We'll go full screen, anarticle from a website called CoinDesk. CoinDesk is one of thesesites that really tries to track what's happening out there in theBitcoin community. Of course, nowadays it's much more thanBitcoin.
[00:00:53] Isn't it? We're talking about all kinds of. Differentcurrencies that have a blockchain backend. They're calledcryptocurrencies basically. But the big one was of course, Bitcoin.And there is a whole concept. Now, when we're talking about thingslike cryptocurrencies and these non fungible tokens. People havebeen investing them in them.
[00:01:19] Like crazy people are making millions of dollarsevery week. Now, remember, I am not an investment advisor andparticularly I'm not your investment advisor. So take all the. Toyour investment advisor. I'm not telling you to buy them. I amtelling you to be cautious here though, because these non fungibletokens are designed to give you the ability to be able to just, ownsomething in the digital world.
[00:01:48] What might you own in the digital world? We've had alot of different stuff. We've seen some just crazy monkey things.Have you seen those? These little pictures of monkeys are. Graphicdesigned and it's all animated. If you will. It's like cartoons andpeople pay money for them. One of the things that people paid moneyfor was the rights to the first tweet ever on Twitter.
[00:02:16] So that's what you're getting. When we're talkingabout an NFT on a non fungible transaction, it is now yours. Sothis particular NFT we're talking about was of our friend here,Jack Dorsey. We'll pull it up again, this article, and he had atweet that was sold last year for $48 million. That is a lot ofmoney.
[00:02:43] So people look at this as an investment, but it's notthe same as hanging art on the wall. You've got a Picasso that hassome intrinsic value. It's a painting. It has all the oil paint onthat, it was designed by and painted by a crazy man years ago. Andyou can take that Picasso and you can.
[00:03:07] Turn it around and sell it. It has some real value.If you own the rights to something, let's say it's one of thesemonkey pictures. It reminds me of a postage stamp and you paid realmoney for it. Some of these things are going, as I said, for over amillion dollars and this Jack Dorsey first tweet went for $48million.
[00:03:27] So let's say that's what you did, right? You boughtthis thing for $48 million. Really? What do you have? Becauseanybody can go online and look at that tweet. Anybody can print itup and stick it on a wall. Anybody can go out and get that pictureof the monkeys right there. The guy drew, and you can look atit.
[00:03:51] In fact, I can pull it up right now, if you want todo. But people paid real money for that. So they've got whatreally? What do they have? You can't take it off the wall, likeyou're Picasso and salad, right? Or Banksy, if you're into the moremodern art, it's just not. What is doable? How do you make thiswork?
[00:04:12] Only the NFT only gives you bragging rights inreality. That's what it does. You have bragging rights because youcould take that digital picture and make a hundred quadrillioncopies. Yeah, you'd still own the NFT you would still have in theblockchain for whatever NFT company you're using the rights toit.
[00:04:37] They would say this, you owned it. So let's talkabout the blockchain behind it. There are a lot of companies thatare trying to give you that. Okay. All right. I get it. Yeah, I getto to own it. But who's running the blockchain behind it. Who'svalidating that you own it with Bitcoin and many of these otherblockchain currencies that are out there.
[00:05:04] There are various. Companies and individuals who areregistered, who have all of the paperwork, if you will saying whoowns, how much of what, and who paid, who and everything. And thatby the way, is why it takes so long for some of these Bitcoin andother transactions to occur. But how about the NFT? There are tonsof companies out there that say they will certify the NFT.
[00:05:34] So it gets to be real problem. And when we get intothis Jack Dorsey tweet and this article about it, which are will,let me pull it up again here for you guys. This guy, Sina S boughtthe very first tweet ever from Twitter founder, Jack Dorsey for$2.9 million last year. And he decided that he wanted to sellit.
[00:06:03] So he listed it for sale again at $48 million lastweek. Real. He put it up for open bid and this article and CoinDeskis talking about that. And you can see that if you're watching meon rumble or YouTube, I'm showing you my screen here right now. Butthis Iranian born crypto entrepreneur named of again.
[00:06:28] As TAVI purchased it for $2.9 million in March, 2021.Last Thursday, he announced on Twitter where out, that he wanted tosell this and Ft. And he said, Hey, listen, I'm going to put 50% ofthe proceeds to charity. The auction closed, this was an openauction. People could go and bid on it and head auction closed.
[00:06:55] With an offer of basically $288, $277 at currentprices when this article was written $277 and the lowest bid was$6. And as I recall, this is not in this article, but there wereonly. I handful of bids. Like when I say handful, I mean a half adozen beds. Crazy. This is a real problem because the deadline isover.
[00:07:27] He paid how much for it, right? How much did he pay?Pull that up again. $2.9 million last year. And his highest bid wasin the neighborhood of $280. Isn't that crazy. So did he get moneyon this? Did he win money on this? I don't know. I'm looking atthose saying is it worth it to buy something like that?
[00:07:54] That you might think, oh, the very first applecomputer, an apple. While that's going to be worth some seriousmoney. Yeah, it is. It's something, you can grab onto, you can holdonto it, it's something and you can sell it. You can trade it. Youcan take a picture of it. You can't make digital copies of it.
[00:08:15] You, you, it's a physical thing. That's worthsomething. Same thing with that Picasso on the wall, it's reallyworth something that has some basic intrinsic value. Jack's truetweet. The very first tweet. How much is that thing worth? Itbasically nothing. So the tweet is showing he'll pull it up on thescreen again that he's selling ad Jack 2000 6 0 3 21 at eight 5014:00 PM.
[00:08:46] Just setting up my Twitter. So there you go. There'sJack is very first to. And it's absolutely amazing. Is it worth it?Let me pull up some other stuff here for you guys. I'm going topull this up here is Coinbase launching an NFT marketplace in hopesof appealing to crypto on mainstream users. So here's some examplesfrom a man and FTEs.
[00:09:11] I'm going to zoom in on this for those of you guyswatching on rumble or on Twitter. All right. Mean. Yeah actuallyyou can see it on Twitter too, but YouTube, here you go. Here'ssome NFTs it's artwork and it's a creature. So you can buy creaturenumber 7, 8 0 6 right now for six Eve. So let me see.
[00:09:34] Value of six. Ethereum is what ether, M two usdollars. So for 3000. And $84. As of right now, you can get acrappy picture that even I could have draw okay. Of this guy andlook at all of the work this artist has put in. There's how many ofthese up here? 1, 2, 3, 4, or five, 10 of them. And it's the samehead.
[00:10:03] Each time it looks like this almost the same eyes. Hechanges colors and he's got different background. It's absolutelynot. So that's what they're trying to do right now, trying to sellthese NFT. So who's going to buy that. Who's going to pay $3,000for artwork that hunter Biden could have done with a straw.
[00:10:25] Anchored around. Here's another one. This is fromledger insights. NBA's launching dynamic NFTs for fans, baseballcards for the NBA that are basically just worthless. They're NF.Non fungible tokens. It has taken the crypto world by storm andpeople are losing millions as you look, but it really is changingthe e-commerce world.
[00:10:54] Bitcoin blockchain. All of the rage, a lot of peopleare talking about it, but I got to say most people who are talking.I don't know much about it. And when it comes to anonymity, Bitcoinis probably the worst thing you could possibly do. It'samazing.
[00:11:12] There are a lot of misconceptions out there when itcomes to technology, you have almost any kind of technology andblockchain and Bitcoin are examples of a very misunderstoodtechnology.
[00:11:25] Now I'm not talking about how does it work? How arethese ledgers maintained? How does this whole mining thing work?Why has Chan. Bandit. Why are a lot of countries going away fromit, one country. Now the dictator said, yeah, we're going to useBitcoin as our we're official currency. In addition to the U Sdollar what's going on.
[00:11:48] It is complicated behind the scenes. It's complicatedto use. Although there are some entrepreneurs that have made somegreat strides there. I saw a documentary on what has been happeningin that one country. I mentioned. They are able to pay in usdollars using Bitcoin. So they'll go up to a vendor on thestreet.
[00:12:13] Quite literally they'll have their smartphone withthem. The vendor has their smartphone. They type in 15 cents forthe taco and a hit send. It goes to the other person and they have15 cents worth of Bitcoin. By the way, these types ofmicro-transactions with the way Bitcoin is structured behind thescenes, make things even less manageable in the Bitcoin world thanthey have been in the past.
[00:12:40] And that's why in case you didn't know, Bitcoin ismaking some major changes here fairly soon. They've got to changethe way all of this ledger stuff works because it takes too long.To record and authorized transactions. And these ledgers just getway too long when it comes to all of these kinds ofmicrotransaction.
[00:13:04] So there's stuff going on, Bitcoin, there, there aremany of these types of currencies out there. Theories comes one.You've heard about doge coin because of course that's Elon Musk hasbeen talking about and many others and they're all differentsomewhat, but the main concepts are the. One of the big concepts,I'm going to pull an article up here on the screen for thosewatching on YouTube or also on rumble.
[00:13:30] But this is an article from our friends at wiredmagazine. And now you have subscribed to wired for many years. Thisparticular one is about what wired is calling the crypto. Trap nowthat's a very big deal. It is a trap and it's a trap and a lot ofdifferent ways. And that's what we're going to talk about rightnow.
[00:13:56] Crypto is not what its name implies. A lot of peoplelook at it and say, oh, crypto that's cryptography. That's like theGerman enigma machine in world war two and all of this new, greatcrypto that we have nowadays. And there are some pretty amazing newcryptographic technologies that we've been using, but no, that'snot.
[00:14:17] What's really going on. You see the basic premisebehind all of these technologies is the concept of having a. Andthis wallet has a unique identifier. It has a number assigned toit. So if I'm sending money to you, I'm going to have your wallet,ID, your wallet number, and I'm going to now send you some amountof fraction, most likely of a cryptocurrency and it's certainly ifit's Bitcoin, it's almost certainly a fraction.
[00:14:49] And so I'm going to send you $100 worth of, let'ssay. What ends up happening now is these ledgers, which are public,are all going to record the Craig's sent you a hundred dollarsworth of Bitcoin. Of course, it's going to be in a fraction of aBitcoin. So sometimes there's rounding errors is not going to bereally exactly a hundred dollars.
[00:15:12] Plus there's the amazing amount of. Tivoli volatilityin the cyber currencies. So even though I meant just hitting ahundred dollars, mine ended up being 110 of it goes up. It might be90. If it goes down you get that. You don't understand how thatworks. So the problem now is I have sent you a hundred dollars.
[00:15:33] And public ledgers that anyone can gain access to nowsay wallet number 1, 2, 3, 4 cent, a hundred dollars, two wallet,number 5, 6, 7, 8. Obviously the wallet, our bruises, a lot longerthan that. So then it's fine. And there's a degree of anonymitythere it's really called pseudo anonymity because in reality, it'snot completely anonymous because people know the transactionoccurred and they know the wallet numbers.
[00:16:03] Correct. It's like a bank account, and if I'm puttingmoney into your bank account, that bank account number knows thatthe money came from a check that I wrote. Can you imagine thatsomeone writing a check and that check I had a number on it, a bankaccount number, right? So it can all be tracked while much.
[00:16:19] The same thing is true when it comes tocryptocurrencies, these cryptocurrencies are in public ledgers andthose public ledgers can be used with a little bit of work tofigure out. Who you are. So this article here from our friends atwired gets really hairy. And it might be of interest to you toread, but this is talking about a take-down that happened, and thisis a massive take down.
[00:16:51] This take down was of a whole group of people whowere involved in some really nasty stuff. In this particular case,what it was kitty. Just a terrible thing and the abuse surroundingit. So this logical goes into not a lot of detail. I'm not going toread it because here on the air, because I don't want to upset toomany people.
[00:17:15] Cause it's some of the details of this evening tothink about them are incredible. But. This the police broke intothis middle-class suburb home in the outskirts of Atlanta. And hethere was Homeland security. It was a guy from the IRS and theycame in, they took all of their electronic devices.
[00:17:38] They separated the family, putting the father who isan assistant principal at the local high school assistant printers.And he was the target of this investigation. So they had him in oneroom, they had his wife and another room and they put the two kidsinto a third room and they started questioning him.
[00:18:00] Now, this is part of a takedown of a, as I said, awhole ring of these people, including this assistant. Principal ata school. Can you believe that? So this IRS guy had flown in fromWashington DC to have a look over what was going on, but this agentfrom the IRS and his partner whose name is let's see, his name wasJenn S Scouts.
[00:18:26] I probably got that wrong. And Tigran GAM bar Yan,Cambodian, and they had a small group of investigators and theywere at a whole bunch of different federal agencies, not just theIRS. What once seemed to be. Untraceable was no longer untraceable.Now I've talked on this show before about a lecture I went to bythe secret service about how they had tracked down and shut downthe world's largest website that was being used to sell illegalmaterials online.
[00:19:01] And it's fascinating what they did. But frankly,they're calling this particular boss to proof of concept and that'swhy they are IRS was in on this as well, but it was huge. Here's aquote from the IRS agent in this wired magazine article. He'ssaying he remembers how the gravity of this whole thing.
[00:19:21] Let me pull this up on the screen too. So you canread along here, but this was a high school administrator, ahusband, and a father of two, whether he was guilty or innocent.The accusations, this team of law enforcement agents were levelingagainst. There are mere presence in the home would almost certainlyruin his life.
[00:19:44] And he, as well as these other people were countingon anonymity from Bitcoin. Now, obviously I'm glad they got takendown, but listen, folks, if you think that it's safe, that it'sanonymous, it ain't Bitcoin just ain't there. Craig peterson.comstick around.
[00:20:05] I've been blamed for really complaining about peoplenot updating their software. And that includes things likefirewalls. The FBI has stepped in and they are going ahead anddoing updates for you.
[00:20:21] What should we be doing as a country?
[00:20:26] People are. Updating their software. They're notupdating their hardware. And particularly our hardware take a lookat what's been happening with the firewalls and the firewallconcerns. Everybody has some sort of firewall will almosteverybody, but enough people that we can say, everybody has afirewall, you get your internet from you, name it.
[00:20:50] And because of the fact they're using somethingcalled Nat network address translation, they've got some sort offirewall in front of you. So for instance, You've got your phone,right? You're using your phone and it's got internet on it. You'regoing through whoever your carrier is. And that carrier is givingyou internet access, right?
[00:21:14] They don't have enough IP addresses, particularly IPVfour, in order for you to get your very own unique little addressout on the. No they do. When it comes to V6 things a little bitdifferent, but your device is not completely exposed on theinternet. Windows comes to the fire. And by default, the windowsfirewall is turned on.
[00:21:35] Now this gets more than a little concerning becausethat firewall that's turned on. Isn't really doing anything becauseI've got a firewall turned on and yet every service is accessiblefrom outside, which is defeating the purpose of the firewall.Again, it's a complaint I've had about Microsoft now for.
[00:21:55] Decades, which is they have features that are justcheck boxes. Yes. Yes. It's got a firewall. Yeah, it's turned on,but the features don't work. So having a firewall and havingeverything open defeats the purpose of a firewall max do not have afirewall turned on by default, but they do have their services tosay.
[00:22:18] Which is just as effective if not more effective. Soone of the things we advise people to do is go into your windowssystem, into the firewalls and your security settings, and turn offany services that you're not using. If you're not sharing filesystems, then turn that off. In other words, You're mounting the Gdrive or whatever you might call it from another computer, then youdon't need it.
[00:22:44] If you're not as server for what's called SMB, thenyou don't need to share it. So turn off everything that you don'tneed. That's going to happen is one of your programs isn't going towork, right? And the, what you did last year, you're going to turnit back on and you can do a lot of research online to find out whatthey are.
[00:23:04] We have over 200 settings that we change in windows.When we get a customer. Now on the Mac side, you can turn it on. Iliked turning it on. I liked turning off the ability to see mymachine. So in other words, the ability to be able to. So I turnedit on and I enable specific services. And again, you can do someresearch on that.
[00:23:30] I've got an improving windows security course thatpeople have taken, and we should probably do that again, if notjust have some free webinars on how to do this. So you guys canlearn how to do it, but not that hard to do. Anyhow, bottom lineis. People aren't updating their computers, even the Macs andwindows.
[00:23:51] We have a client that would just started a new clientand we're tightening things up and we've been finding Mac computersthat are major multiple major revisions behind. And that to me isshocking. Apple Macs are just so easy to update. It is extremelyrare that an apple update will make your computer break unlike inthe windows world, where it's pretty common.
[00:24:17] So windows guys, I can understand, but your even moreexposed, your bigger target, you need to keep up to date. So howabout all of the other equipment that we. I've had warnings againand again, with you guys about what's happening with our smartdevices that are out there, right? Our security cameras we have upin the corner, right?
[00:24:41] We have these smart thermostats, people are using thelist goes on and on of all of this equipment that we're using thatis exposing us because when was the last time you have. How aboutthe firmware in your router or your wifi, right? Some of thedevices that I recommend to people, and if you have any questions,just email me and e@craigpeterson.com.
[00:25:05] I can give you recommendations, even if you're a homeuser. Although my business obviously is working with businesses onwhat kind of wifi to buy, what you should get, what you should do.I don't charge for any of that stuff. Okay. You get it. But youhave to ask. Me@craigpeterson.com. So you get this information andyou go ahead and you buy whatever it is, but you don't keep it upto date, which is why I tend to only recommend stuff thatautomatically updates.
[00:25:33] But that also means every few years you're going tohave to replace it because unless you're using the good Ciscoequipment where you can get a seven year life out of it you're notgoing to find that in consumer grid. So what's happened here. I'mgoing to pull this up on my screen for people watching this onYouTube or on rumble.
[00:25:52] But here is a thing that came straight out of ourfriends here from the FBI. This is from CSO. This is a a magazinethat I do follow. But they're talking about what they call psychclock. Blink. So the article says for the second time in a year,the FBI has used search and seizure warrant to clean malware fromdevices owned by private businesses and users without theirexplicit approval.
[00:26:25] The FBI used this approach to disrupt a botnet,believed to be the creation of right. Government hackers. So thecalling this SYEP clock cycle clubs, blink malware discoveredearlier this year. So here's the problem. What do you do if you'rethe federal government, how do you try and keep your countrysafe?
[00:26:51] Now we know. We've got these military contractors.They make missiles that take out missiles, right? The providedefensive systems. You've heard of iron dome from years ago, allthe way through all of the current stuff. That's what they do, butwhat do they do? What can they do when there's a botnet? A botnetis where there are multiple computers in this case, probably tensof thousands of computers located in the United States that areacting like sleeper.
[00:27:21] They sit there and they wait for commands as to whatthey should do. Should they try and attack a machine? Should theytry and spread more? Malware, what should they be doing? And the,these things are vicious. They are absolutely nasty. And in thiscase, we're looking at Russian malware. So Russia effectively likethe Americans.
[00:27:44] You might remember that TV show. It was great show,but that. Computers that are owned by you and me and our businessesand government agencies that are under the control of the Russians.Now you don't even know it. You're using your computer. You'replaying games. You're going to Facebook, whatever it is you do onyour computer.
[00:28:06] Your computer is under command and control of theRussians. So the FBI goes to a court and says, Hey, we've got to goahead and shut this down. We need a warrant. They get the warrantand the search and seizure warrant lets them now. Get on to thesemachines that are part of the bot net or the controlling machinesfor the bot net, and either remove the malware or go ahead and takecontrol of the botnet themselves.
[00:28:34] So it can't be used. And by the way, our friends atMicrosoft they've gotten involved in this too, which is reallyfrankly, cool in shutting down some of these botnets, Hey, I wantto encourage everyone. Take a couple of minutes, go to Craigpeterson.com/subscribe. That's Craig Peterson. CREI G P T R S ON.
[00:28:57] And subscribe, and I'll be sending you a specialreport on passwords. Plus two more. I send out the most popularspecial reports that anybody has ever asked for.
[00:29:10] Hey, I've got a little bit more to discuss on what'shappening with Russia and Microsoft and more, but I'm also going totalk about QR codes. There is a great explanation. That's in yournewsletter from Monday about why you shouldn't trust 'em.
[00:29:26] Let's finish up this Russian thing. And then we'regoing to get into why you cannot trust QR codes and a brand newway.
[00:29:36] The bad guys are using QR codes to really mess withus. Now, if you're watching over on either YouTube or on rumble,you'll see this. Let me pull up my screen for you. But here we go.Okay. This is very interesting. Then the last segment, we talked alittle bit about what our friends over at the FBI had been doing,which is they have been removing malware from people's computersbecause people haven't been keeping their computers up-to-dateright.
[00:30:11] Part of the botnets. So we explained. At the FBI,isn't the only one out there trying to stop these Russians and thehackers anonymous has been very big at it. In fact, let me pull upthis other article. This is from security affairs. And here we go.And it's talking about this whole army of these anonymoushackers.
[00:30:35] Now none of us have been a nightmare for manybusinesses that they didn't like. I had an anonymous we'll go aheadand they'll do usually pretty basic stuff. They'll do denial ofservice attacks and some other things, so they don't like youbecause of. The don't say gay bill in Florida, and, withoutbothering to do any research, they'll just start attackingorganizations that support it, or organizations that don't supportit depending on how they want to do it. So this is an interestingarticle here, because it's talking about these various. Websitesthat they've hacked. Now, some of them are government site and someof them are private industries. Now, one of the cool things, badthings about hacking private industry and releasing the emails isnow the competitors to these businesses know what they'redoing.
[00:31:31] And in some cases there's proprietary technologythat's being released. Now, when it comes to Russian proprietarytechnology. The Western world doesn't care a whole lot about someof it, but here's some examples of what these hacktivists ofGoDaddy. This is a company called forest 37,000 emails stolen fromthe company, Russian logging and wood manufacturing firm.
[00:31:55] Again, it would give a little bit of an idea into thewhole Russian, what are they doing? In the forest industry. Thisone, I think is a little more concerning for the Russians Aero gap.This is an engineering company that focuses in the oil and gasindustry. Their clients include a whole bunch of Russiancompanies.
[00:32:15] They've leaked approximately 100,000 emails from Aerogas. That is a huge deal because so much of the country's revenue,the number one industry in Russia is oil and gas. Petro Fort one ofthe largest office space and business centers in St. Petersburg,the hackers have leaked approximately 300,000 emails from Petrofork.
[00:32:41] Again, you can use that to find out what's happeningin your economy. What. Doing how are businesses doing? Are theygoing to go under so you can see some tweets here. I've got them upon my screen on YouTube and rumble anonymous. What they're sayingthat they've done and you can follow anonymous directly onTwitter.
[00:32:59] Particularly fond of them. They've done a lot ofthings that I disagree with. This is really telling us about awhole new approach to warfare, right back in the day, you and Icouldn't get involved, we could potentially take up arms and go andfight right there and think about the Spanish American war.
[00:33:18] Think about what's happening now in Ukraine, whereAmericans have just gone over there. Taken up firearms in order tohelp them defend Ukraine. People who are maybe of Ukrainiandescent, maybe not right. We have never seen this type ofinvolvement by average citizens because anonymous is not like somebig fancy company or government agency anonymous is a bunch ofpeople who are trying to be anonymous and do something.
[00:33:50] So they stole 145 gigabytes. Look at this. It's justcrazy. So he. The anonymous Twitter thread itself, right? Talkingabout what. It's absolutely incredible. Incredible. So that's whatanonymous is up to. They are hacking Russia and they're hackingRussia in a big way. Now, next stop. We have our friends atMicrosoft.
[00:34:15] Microsoft has been seizing Russian domains that theyare accusing of having been linked to these Russian hackers thathave been going after think tanks and government agencies in the US and the. He knew, I shouldn't say which I'm sure includes the UKcause UK has gotten involved. So this article from the verge istalking about how Microsoft has seized seven domains, belonging tofancy bear apt 28 which is we've seen them active in a number ofcompanies here, right in the Northeast United States.
[00:34:57] These companies who are. Trying to provide materials,software, hardware for government contracts, right? So they're noteven direct government contractors for the feds. They are just asub contractors. And then we've seen fancy bear in there. We'veseen the Chinese in these companies. It's incredible.
[00:35:19] They have no. DIA that all of their intellectualproperty is being stolen, which is why the federal government hasstarted cracking down on contractors and subcontractors and the,this whole paragraph 70 12 thing. We're getting geeky here, butcompanies that have to protect even unclassified information,confidential, classified, and they haven't been so Microsoft.
[00:35:46] Obtained a court order. You can see this on myscreen, over at YouTube and at rumble to take control of eachdomain on April six, that then started redirecting them to asinkhole. So what they do is they take control of the DNS for thedomain. So the root name servers, now, point to a Microsoft nameserver, and then send them to a sinkhole.
[00:36:09] A sinkhole is basically nowhere you go there. There'snothing on the site, right? Or in this case also servers used bycybersecurity experts to capture and analyze malicious connections.And they'll do this. Oftentimes, when we're talking about thesebotnets, like we talked about a little earlier today, so apparentlythey're trying to establish long-term access to the system.
[00:36:33] So the targets, what did we just talk about?Long-term acts. But net, right? That's what button that saw. SoMicrosoft has gotten involved. They've been doing this now for alittle while. It's obviously not their normal business model, butit is something that they've been doing. They were also, by theway, the fancy bear link to these cyber attacks on the DNC in2016.
[00:36:57] And they also targeted the UFC election in 2020,which is why, part of the reason why anyways, don't use electronicequipment for our elections, have paper ballot, have people countthose ballots yet it takes longer. You can't have the instant thingon TV, which is why all of these new services, they all don't dothat.
[00:37:18] That's ridiculous. But it's the only thing we canguarantee that these guys, like I got it up on the screen again.Fancy bear the Chinese et cetera. It's the only way they can getin. And if we were doing paper ballots and we had bipartisan peoplecounting the ballots and independence, counting the ballots,observing this, we wouldn't have all of these problems that we hadwith the last election where people were saying it was stolen.
[00:37:48] It was hacked. How do we know it was stolen? How dowe know it? Wasn't stolen? How, go back to paper ballots, get ridof the scanning machines and particularly get rid of theseelectronic voting machines where you touch the screen to cast yourvote. Those things are ridiculous. What if there's a software bugin it?
[00:38:06] How can you go back and change the vote? People thatcomplained about it again, and wait a minute. I voted for this guyand you had to record my vote for the other guy. It's ridiculous.Anyways. Back to QR codes. Okay. I'm going to pull this up on thisscreen because I think this is a cool article here.
[00:38:25] This is from a, actually a site over in India. It'scalled scroll.in, and they're talking in here about how hazardousit can be. To use QR codes. Now they're not saying don't use QRcodes, we've all had to use them. I've got up on my screen, thispicture of being at a table. And you scan the QR code in order toget the menu.
[00:38:48] In order to order, I did that. I was in Vermont andwe were riding motorcycles or buddy, and I go into the little tiny.Restaurant, small restaurant and I had a half a dozen tables andthey didn't have menus. You scanned it, the QR code that was thereon the table and you placed your order. And off it goes a lot ofplaces they've been doing that with menus.
[00:39:11] You've seen that more and more saves them money aswell and lets them change their prices more frequently. Yeah.Thanks for that inflation guys. Why shouldn't you use these QRcodes? Why should you be extra careful? Here's the answer. QR codesare the URL of a webpage. That's the bottom line. Would you click arandom URL that came in an email?
[00:39:37] Would you click on a random URL in an ad or on a webpage? We certainly know better than to cook URLs in our email. Butthat's exactly what the QR code is. And on top of it, the URL in aQR code tends to be what we call a shortened URL. So it might beBitly, so might be bit.ally/and then some random characters.
[00:40:04] How do you know where it's going to take? You don'tall you know, is it's going to take you to Bitly, but that BitlyURL could be sending you to a malicious site. And now your phonecould be hacked. It could be using your phone for Bitcoin miningfor who knows what. So be very careful and the bad guys are usingthese in a different way that you might not have seen before, whichis they are embedding QR code graphics.
[00:40:34] Into emails. And they're thinking that people aregoing to hold up their phone to the email and what are they goingto do? They're going to scan the QR code that was in their email.And now they're in trouble. Yeah, that's simple. Hey, visit meonline. Craig peterson.com. Make sure you sign up for mynewsletter.
[00:40:53] Craig peterson.com/subscribe course, Craig Peterson,S O n.com. And I'm going to send you. Top three special reports,absolutely free. We got to take care of these bad guys.
[00:41:08] This is a big deal, quite literally a big deal.Russian malware. We have been able to track it down now, track itdown to a single site. Yeah. All of these bad guys are in onebuilding in Moscow.
[00:41:25] Hi everybody. Of course, you're listening to CraigPeterson. Thanks for taking a little bit out of your day today. Aswe continue to really talk about the stuff that's most important inthe world, and there could be nothing more important, I think, thansome of our cyber security, our lives, our fortunes, et cetera.
[00:41:44] Last year we have to pay attention to well, This is avery big story and it's a bit of a scary one as well. We've had alot of ransomware over the years and a lot of ransomware. Have youhad it yourself? I bet you, if you haven't, someone who has hadransomware because frankly it is pervasive in every aspect ofpretty much everybody's life out there.
[00:42:12] So when you get hit with ransomware, Lately somethinga little different has happened. It's really gone through threephases. The first phase was the ransomware would get on to yoursystem. Usually it came as an attachment, probably embedded in likea word file it's been embedded in PDFs, embedded in all kinds ofstuff.
[00:42:35] Even drive by downloads on websites, have broughtmalware. But in this case yeah, it was annoying. It was a problem.It would give you a red screen. You've probably seen it beforewarning about the ransomware and it told you, okay, here's what youcan do to get your files back. And in order to get your files back,you usually.
[00:42:57] To go to some exchange online, take dollars, buy ofcourse, Bitcoin, or some other cryptocurrency. And then thatcryptocurrency would be used in exchange now for you to get a keythat would hopefully decrypt everything. And in reality, it oftendidn't encrypt hardly anything. So it's been a problem and aproblem for a lot of people.
[00:43:23] The FBI said that at the time. So this is a gen oneof ransomware. You were lucky if 50% of the time you got all yourdata back, gen two of ransomware is when the bad guys startedgetting a little bit smarter. They didn't just take your files.Thumb and then say, Hey, pay up buddy. What they did at this pointis that got onto your systems and they poked around.
[00:43:46] They went we call in the industry, east west on thenetwork. So they got onto you, maybe your kid's computer may, maybeyou were hooked up via VPN to the office to do work. And it wasn'ta great VPN. And the kid's computer had that virus and that virusweaseled his way all the way over the VPN, directly to the office,because remember.
[00:44:09] VPNs are. A network private in that. Yeah. Okay. It'sencrypted. And so someone who's got a wire tap isn't necessarilygoing to get anything, but it's a VPN, it's a tunnel. And thattunnel was used a many times for malware, like brand summer tocreep over to the office network. That's an east west is goingfrom.
[00:44:30] One machine to another machine. And in businesses,man, you saw that one a lot as that ransomware moved around. Sothat was the second one. So the rents were going on the machine. Itwould then look for files that is. You might not want to haveexposed. So it looked for files with bank account numbers in them,social security numbers, maybe intellectual property.
[00:44:57] We saw a lot of that. Theft is continuing to go onprimarily from the Chinese and then an intellectual property theft.And what happened next? While of course it ended up moving thedata, the files, and then what they would do. It's encrypt yourdesk. So before they gripped your desk, they got copies of all ofthe stuff they thought might be important to you.
[00:45:20] So now the threat was in version two of ransomwarepay up, or if you don't pay up, you are going to have to pay us tonot release your files. If you didn't want all of that clientinformation online, if by law, you would get nailed for having thatclient information out online. And that's true in most states now,and the federal government's from putting some teeth on some oftheir laws as well, then what are you going to do?
[00:45:49] Yeah, you paid the. So that was version two versionthree that we're seeing right now of ransomware is simplydestructive. And if you go way back in history, you may remember Igot hit with the Morris worm, which was one of the first pieces ofnastiness out on the internet. And that was early nineties.
[00:46:13] My business that I owned and was running, got hitwith this thing. Even before that, There was ran. There was a nastywhere viruses, if you will, that would get on the computer anddestroy everything. It was just a malicious, as I remember,somebody at UC Berkeley, some researcher in it. And he didn't likewhat that of the researchers were saying about him.
[00:46:35] So he put some floppy disk together and on them, heput. Erasing malware and shared all of the stats with anybody. Andof course, you plugged that disc into your, that little floppy discinto your windows computer. And it says, okay, I'm going to goahead and open it up. And, oh, look at this, a virus.
[00:46:56] And so he then wiped out the computer of everybodyelse. That was a competitor of his out there in the industry. Yeah,a little bit of a problem if he asked me, so how did that end upgetting around? What ended up happening while everybody got reallyupset with him, nobody really found out what was happening, who didit, et cetera.
[00:47:19] That's what's happened. Now, so version three ofmalware is like some of the very first malware we ever saw versionthree of ransomware. So some, again, some of that very firstransomware was pretty nasty is not the sort of stuff you want tosee running destroying files, but at least you could get back froma.
[00:47:40] Nowadays, a lot of people are doing backups byattaching a disc directly to their machine, or they're backing upto another machine on the same network. Remember that whole eastwest thing, you didn't want the data going back and forth, itcauses problems. Yeah. So what happens now? The Russians apparentlyare just trying to cause havoc with businesses, anybody who hasdecided that they're going to be anti-Russian in any way therethey're attacking.
[00:48:13] So they'll, reraise your desks. They'll erase all ofyour data. If you have backups on that thumb drive or that USBexternal. The good news erase that if you have backups on anothermachine, on the network, hopefully from their standpoint, there'llbe able to get onto that machine and erase all of your backups,which is again, why we'd like 3, 2, 1 backups.
[00:48:34] At the very least, there's some others that are evenbetter. And if you're interested, send me an emailme@craigpeterson.com. I'll send you a webinar that I did on this.I'm not charging you for. But it was a free webinar to begin withwhat a webinar on backup and how to backup properly and why to doit this way.
[00:48:54] Again, me, M E Craig peterson.com. Be glad to dothat. What we're seeing now is a huge problem. Let me see if thisis going to work for us. Yeah. Okay. It is. I am, by the way, livehere we go on my computer. So people who are watching. I can see mydesktop. So here we go. This is Russian companies who are linked tothis Russian malware.
[00:49:24] Ransomware are hiding in plain sight is what they'recalling it. So what does it mean. To hide in plain sight. While inthis case, what it means is money that's been paid by Americanbusinesses to these Russian ransomware gangs, some of who by theway, are actively going after anyone that criticizes Russia foundthese American researchers.
[00:49:50] Yeah. Led to one of Moscow's most prestigiousaddresses. You can see it up here on my screen. This is a New Yorktimes article. It's just a random actor, journalism people,sometimes even the New York times gets it. And they're sayingmillions of dollars have gone through this. So they've beentracing.
[00:50:10] Where did they go? The Biden administration has alsoapparently zeroed in on the building is called Federation towereast. It's the tallest skyscraper in the Russian Capitol. How wouldthat be to have a business and just this beautiful tall skyscraperand have a view that would be really cool. So they have targetedsome companies in the tower.
[00:50:32] As what it's trying to do is stop the ransomware guygang. Maiden cryptocurrencies. Russian law enforcement usually hasan answer to why don't you just shut down these bad guys that areout there trying to steal all of our money. They say there is nocase open in Russian jurisdiction. There are no victims.
[00:50:51] How do you expect us to prosecute these honorablepeople? That apparently is a quote from this Massachusetts basedsecure cybersecurity. Called recorded future, but I'm looking at apicture it's up on my screen right now. You guys can see it, butthis is the Moscow financial district called Moscow city.
[00:51:10] 97 floor Federation tower east. This is reallypretty, you wouldn't know this isn't like London or any other majorEuropean capital. There's some cranes in the background building upnew buildings. The cyber crime is really fueling some growth therein Moscow, which is, if you ask me the exact reason why lad ishappy as a clam to just go ahead and have these Russian cyber crimeguys.
[00:51:43] Just go and bring money in right. Money is bringingin great money for them. The treasury department, by the way, it'sestimated the Americans have paid $1.6 billion in ransom since2011. Huge one ransomware strain called RIAA committed an estimated$162 million. Last year. It is really something.
[00:52:07] So when we come back, we've got a lot more to talkabout. We're going to talk about the cloud. If it's more secure orwhy is it calm, broken, give masks work. Why aren't they workingright. Anyways, we'll talk about that. When we get back and visitme online, Craig Peter sohn.com.
[00:52:26] Stick around.
[00:52:29] I hate to say it, but there's another big scam outthere right now. And it is hitting many of us, particularly theelderly quite hard. We're going to talk about that right now, whatyou can do about it and how you can recognize when it'shappening.
[00:52:45] Interesting article that came out this week inwired.
[00:52:49] It's actually in Wired's. Let's see, what is a March2022 issue. It wasn't this week. Nevermind. And it's talking abouta serious problem. I'm going to show you guys who are watching Ihave this on rumble, YouTube, Facebook as well. So you guys can seealong and of course, right here, too.
[00:53:11] Now let's not forget about that, but this is anarticle that says we were calling or excuse me, they were callingfor help. Then they stole. Thousands of dollars. I'm going to readparts of this article. It's just amazing. It's by Becca, Andrew's aback channel. What is that? Okay, so that's just a cat.
[00:53:33] On December more one December morning, my mother'sphone rang. She tugged the iPhone from the holster. She keptclipped to the waist, her blue jeans and wondered who might becalling perhaps somebody from the church who was checking in on herrecovery from Corona virus. Hello. She said the voice that greetedher was masculine.
[00:53:53] This is just great writing. The color soundedconcerned and he told her something was. With her Amazon account,somebody has access to your bank accounts through Amazon and theycan take all your money. I'm calling to it. Her mind raced or Lord,she prayed silently. The voice was warm and reassuring them.
[00:54:15] My mom tried to focus closely on his words. My dadwas driving to work in his truck and she was home alone. She'd beencooped up in the house for weeks with COVID isolated from hercommunity and she missed the bomb. Friendly voice. I D I just loveher language here. It's just phenomenal. She tried to steadyherself.
[00:54:36] The man said he needed to make sure the money wassafe. He transferred her to a different male voice. Soothingreassuring, calm. She promised not to hang up a brain injurydecades earlier, made it hard for her to follow his instructions,but she stuck with it. The voice explained slowly, carefully, howto swipe and tap her phone until she had installed an app thatallowed him to see what was happening on her screen.
[00:55:07] Now. You followed her every move. After some hour,she mentioned she had to relieve herself hours. It's okay. I'llstay on the line. He said she parked the phone, outside thebathroom and picked it back up. When she was done as Noonerapproached, she told him I have to eat. I'll wait. It's okay. Don'thang up.
[00:55:28] We'll lose all our progress. She set the phone downon the counter to make a sandwich, then pulled some chips from thecabinet and padded over to the kitchen. The phone buzz with thetext. It was my father checking in. She typed back that there was aproblem, but she was fixing it. She had it all taken care of.
[00:55:48] She tapped the tiny white arrow next to the messagefield to send her reply. And then she heard the voice, its volumeelevated as sounded angry. She frowned and brought the phone backup to her ear. Why would you do that? You can't tell anyone what ifhe's in. She felt confused that didn't make any sense, but she alsodidn't fully trust herself.
[00:56:10] She was worn. From her slow recovery and the steroid,she was taken as a treatment, gave her a hollow buzz of energy. NowI want you guys to go have a look at this over on wired site. Readthe whole article. It is a phenomenal. Absolutely phenomenal. Butwhat it's doing is telling the story of this woman who was tryingto, do the right thing, trusting other people, which many of usdo?
[00:56:40] I have a default trust with a little trepidation. Iwill admit that, but with the whole. Down the thing that happened,many of us have just been longing for a little bit of companionshipand to hear a stranger who's trying to help out. That's a huge plusit goes on in this article and talks about how reassuring theseguys were and what they did.
[00:57:06] She installed this cash app and opened up PayPaldownloaded. Coinbase set up Zelle so she could send money directlyfrom her bank account. She doesn't know about any of these things.It's just incredible. So the afternoon wore on and the guy saidHey, we're almost done. And her husband of course, was on his wayback.
[00:57:30] And the sun was down. Father got home. He noticedright away that something was off. And she said she took care ofit. And you said you took care of what I'm not supposed to tellyou. It said, so the scammer had siphoned away. All of her personalinformation, the scammers had your social security number, date ofbirth driver's license number, and about $11,000.
[00:57:55] These new financial apps like Zelle and others thatare legitimate PayPal apps, right? Zell, you can use to send moneylegitimately to someone else. But it links into your bank account.That's why I don't like them. I have a friend that's been pushingme. Oh, this happens. Great. It saves you so much money on gas.
[00:58:15] Look at how much money I've saved any. He sent ascreenshot of it and I re I went online and had a look. And guesswhat? I read, reviews it again, like this tied into her bankaccount directly. And. What can happen? Like here, everything wasemptied. So in the next few months this author of the story and herfather tried to undo the damage.
[00:58:40] Very frustrating, getting scanned of course, isreally dehumanizing and it just breaks your trust and other people.How could someone do something like that? It's just incredible. Gotto go through the stages of grief and everything. She got a, shetalked to people, she said she got chili half replies, or just asoften silence.
[00:59:05] And she was calling around trying to find someone forsome empathy. Okay. It's just incredible. Great article. If you canstill find it, the March issue of wired, I'm sure it's availableonline. This goes on. And talks about her mother's seizures gettingworse. And of course now they don't have the cash that they hadbeen saving.
[00:59:27] And it just very depressing. Now I have this, youmight remember about a year ago, I talked about it. I had somethinglike this happen to a friend of mine and I'm still not quite surewhat happened, but it looks like it was a password sprain orpassword stuffing. And they got into his, the app that his companyuses to pay people and sure enough, they got in and they directedhis next two paychecks to their own account, which went right outof the country like that.
[01:00:05] These are bad people. And how do you deal with this?It's incredible because if you've got someone like her mother whohas mental problems due to no fault of her own and is a verytrusting woman, what do you do? She's walking around all day withher phone on her hip. That's how we started this out.
[01:00:27] Do you take that phone away from him? Th that wouldbe dangerous, frankly. So this is a very problem. They had a USAAaccount was her bank account. USAA is usually good about this sortof stuff. In fact, my other friend had USAA as well. But they didhelp deactivate Zelle, but they didn't do anything about the $999that were transferred through it.
[01:00:51] Very bad. So they figured out maybe we should changeour passwords. She had them change them. And if you would likeinformation about password managers, again, I'm not sellinganything. I'd be glad to send them to you. If you sign up for myemail list, you're going to get them automatically. Craigpeterson.com.
[01:01:11] I've got a bunch of data information I want in yourhands. It talks about the free stuff, talks about the paid stuff.None of which I'm selling you. Craig Peter sohn.com. Sign up rightthere on the top of the page. Thanks. Stick around.
[01:01:32] We've had some serious supply chain attacks over thelast couple of years. And they have caused all kinds of problemsfor tens of thousands of businesses. If you use WordPress, therewas one of those this week.
[01:01:47] We have had supply chain problems. Like you wouldn'tbelieve. So let's start out by explaining what is a supply chainproblem?
[01:01:58] In this case, we're narrowing it down tocybersecurity because we've had supply chain problems fromeverything from our toilet paper to the food we eat. But what I'mtalking about right now is. Supply chains when it comes to cybersecurity. And one of the biggest problems we had was a companythat's supposedly providing cyber security for businesses,right?
[01:02:29] Some of the biggest businesses in the world. And I'mlooking at an article right now from security Boulevard, say sayinghow to protect the supply chain from vulnerable third party code.It can be a script that's downloaded online. It can be an opensource library. We've seen big problems with get hub lately andpulling in libraries.
[01:02:51] We've seen big problems with what are calledcontainers lately, which are little mini versions of computers withall of the software. They're all ready to go. Ready and raring togo. All kinds of supply chain issues for a very long time now. Andthese supply chain, cyber attacks have been hitting some of ourcybersecurity companies, really the hardest I'm pulling this up onmy screen right now, if you're watching this on rumble or onYouTube, and you can see links to those, by the way, in my emails,I send out every week.
[01:03:28] Craig peterson.com. Craig peterson.com. But you cansee here, supply chain hits cybersecurity hard supply chainsecurity is not a problem. It's a predicament. That's uninterestinglook because we have to use some of the supply chain stuff. Seesawthe FBI or a sheer wean cybersecurity advisories because of theRussian attack over on Ukraine.
[01:03:55] And then the U S the weakest link in supply chainsecurity fears of rising fuel SISA FBI NSA and gestural partners.Issue is advisories Toyota stops production after possible cyberattack at a supplier. Isn't that something this goes on and on.What's a guy to do, right? Many of us are using websites to, inorder to run our businesses.
[01:04:24] Heck we got websites for our soccer team, for thekids, we got websites for pretty much everything that's out theretoday and those websites need software in order to run. So thebasic idea of the website is nowadays. Content management system,they called CMS CMSs and there have been a lot over the years.
[01:04:46] I've used quite a few myself off and on. This is veryinteresting though, because this particular piece of. Is code thatruns a website. I'm going to show you this article from ARSTechnica here on the screen, but it's talking about millions ofWordPress sites that got a forced update to patch critical pluginflaws.
[01:05:13] So when we're talking about supply chain, in thiscase, we're talking about something. WordPress right. And thisWordPress software as good as it is, can have bugs. So WordPress isthe content management system. So you load stuff up into, in fact,I'll bring up my site right now. So I'm going to bring up the Craigpeterson.com.
[01:05:37] And on my site, I have all kinds of stuff, which iswhy it's so slow to load. I've got to fix that one of these days,but this is an example of a WordPress site. So you can see right atthe top of the site, I've got watch this week, show jobs, or top,of course, that was last week. You can watch it on rumble or a newtube, and then it's got my latest show.
[01:05:59] So if you click on one of these, here you go. And youcan listen to it. Starts right out here. C ta-da. So there, you canlisten to my podcast right there on the site, and I've got anautomated transcript of it. It's for you, depending on what youwant. It's got links over here to take you to iTunes or YouTube orSpotify or SoundCloud or iHeart or Google player audible.
[01:06:26] All of these links take you to different places. Andthis site in survey, Program a site in HTML. What we're doing iswe're working. Putting some data in, so we say, okay, I want adefault page. Somebody else has already set it up. Somebody elsehas already got an old program. It just works. And it's all rightthere for me.
[01:06:49] Here's some related posts on the side. Here's themost popular ones that we have right now. This is a contentmanagement system. And specifically this of course is WordPress. Sowhat happened. If I had a, yeah. And here's what it looks like overan audible, you can listen for free on. This is what happened thislast week, WordPress, which has this great software that I use andtens of thousands of others use out there very popular.
[01:07:27] And in order to make it easy for me to have mywebsite, probably your business, probably your kids' soccer club,you name it is using WordPress. It's just over the top hop healer.It is using code that was written by other people. The reason wecan make programs so quickly nowadays is we're relying on otherprograms.
[01:07:51] So we'll go ahead and we'll grab this program thatdoes this part of what we need to have done, and ta-da we're up andwe're running. I just have to write the glue right? To put ittogether. The API calls, whatever it might be, because the idea islet's make it easier for programmers. So you've got somethingcalled get hub here.
[01:08:11] Let me pull it up so you can see that you can goonline if you're following along. To get hub.com. And as it saysright there on their front page where the world builds software asa beautiful world, isn't it? That blue, you can see the air aroundit. And that's what it's doing is where the world buildssoftware.
[01:08:33] So let's say we want something. What do we want?What's a, let's say we want something to make a chess program. Wecan talk about chess and let's say, oh, you have to. I Dan didn'twant to do this, so I'm just going to skip that for now. But itwould come up and tell me, okay here's all of the chess programsthat are out there and I find one, that's close to what I want todo.
[01:08:54] So what do I do? Point while I go ahead and have alook at the license, a lot of the programs up there have a veryopen license, so I can just take that code, modify it. And I have achess program without having to write a chess. It's really thatsimple that's part of the supply chain. If you bought my chestprogram, you would actually not just be getting the code that Iwrote, which is typically just glue code with maybe some API APIsor application programming interfaces.
[01:09:25] In other words, you're using someone else's codewould now make it who's program. It's like the Pharaoh's barge. Itwould make it other people's programs. Not my. So you got to figureout what's in my supply chain. I've got a new client. I do work asa virtual chief information security officer.
[01:09:46] Actually, it's a fractional Cecil. And as afractional Cecil, one of the things I have to do is look at thewhole supply chain. Who are they buying even physical things from.And could there be. Did it into their software, into their systems,something that might be coming from yet another supplier. Man, doesthis get complicated?
[01:10:09] Very fast, but this week, our friends at WordPress,they went ahead and forced all WordPress sites to update. Verygood. Okay. Otherwise, people could have downloaded a full backupof the sites that are out there, something you really just don'twant to happen. Anyways. Go right now, Craig Peter sohn.com whilethe bits are still hot and sign up right there.
[01:10:36] Craig peterson.com for the newsletter and get thosespecial reports that are going to get you started.
[01:10:43] This is the moment you've been waiting for. We'regoing to talk about free cybersecurity services and tools that youcan use. Now you have to be a little bit of a cybersecurity expertto use them, but not much. This is from the government.
[01:10:59] This is I think an amazing thing. This only came outwithin the last few weeks.
[01:11:07] I have it up on my screen. There we go right now, forthose of you who are watching on rumble or YouTube, you can see itright there, free cybersecurity services and tools from. Thecybersecurity and infrastructure security agency SISA reminds me ofMarvel was shield, that really long name that came up with anacronym for as though they weren't aiming for that acronym in thefirst place, but there are some tools that you can use there'stools that I use as a cybersecurity professional.
[01:11:42] And some of them are obviously going to be prettydarn. Complex. And if you're looking at my screen right now, or ifyou want to go online at csun.gov/free-cybersecurity-services,dash, and the as tools, or just look it up online, you'll find thison my website as well. I'm going to try and make sure I get thatup.
[01:12:07] But what they have done is they're showing you whatthey call their key or the known exploited vulnerabilities. Okay.And this is where they are showing the CVEs, which are. Thefrankly, these are the ones that I use. It is published by nest,which is the national institutes of standard and Sanders andtechnology.
[01:12:31] And this gives all of the details. So this is CVE 2021, 27. Okay, and this is detail, and of course I would be usingdetail. And it's telling you, here's the advisories, there's onefrom get hub Excel. Leon has one. Here's the weaknesses, the SA theknown soccer configurations. So you can find where they all are atand everything.
[01:12:56] So all of the details. So they're telling you aboutthat. These are the ones, this was in the vendor product. Project,I should say. So we'll look at the data added to catalog. Here area few in Cisco right now. So this is their small business series ofrouters, which we do not use for anyone because they don't providethe type of security you want, but Cisco is taking care of theproblems, right?
[01:13:23] Many of these update themselves, here's Microsoftwindows. And installer contains an unexpected unspecifiedvulnerability, which allows for privilege escalation, a lot ofstuff this week, this is crazy Apache Tomcat, which I am never beena fan of and problems. So all of these came out. On March 3rd andmore rights.
[01:13:47] This is just page one. So let's look at page twohere. Oh wow. More Microsoft Excel exchange server, some more Ciscovulnerabilities. Why Cisco? Why Microsoft? Because they arefrankly. The big boys on the block, that why do you Rob the bank?Because that's where the money is. So they list all of those righthere, as he said, does the warning you do use multifactorauthentication?
[01:14:16] I don't want to sound like a broken record, so I'mnot going to say use multifactor authentication today. Okay. I justrefuse to say use multi-factor authentication. And this one talksabout what it is, right? Many names. Now they're trying to makethis. But really a Fido key fast at any online considered the goldstandard or multi-factor authentication Walt for online.
[01:14:40] It is websites, but not for authors. So how would youknow that if you weren't an expert? So yeah, this is the governmenttalking, right? So they have the service. So what does, what do Ido right? Me, Mr. Idiot. I click on this and they are talking aboutthe service that they've got them showing it up on the screen.
[01:15:02] It's called SISA insight. And they're talking aboutwebsite, defacement, destructive malware, or not Petya want to cry,right? All these things. What can you do to prevent it? And. Theymake it sound easy. Now I want to say something here because I, Ihave a couple of mastermind groups and in one of my groups, Irescued a group member from a 40 something thousand dollarloss.
[01:15:31] And so I was explaining it in our next mastermindmeeting. Cause everyone wanted to know. What should I do? Howshould I do it? And they all tuned out and I thought I was tryingto, I was being simple enough. I was trying to be simple, not likesimple Kamala Harris explaining that Ukraine is a country besideright next to another country called Russia.
[01:15:55] And that's why there's an invasion. Okay. I couldn'tbelieve that. Did you guys hear that? It was just incredible, but Ididn't get that simple. And I know you guys are the best andbrightest, and you're trying to figure this, all this stuff allout, and that's why you need to make sure you sign up for my emaillist right now, because I do have simple step-by-step stuff.
[01:16:17] And these tools that they're talking about andservices are supposedly available. Now, I went to a bunch of these.And I tried to get some services. So they said they'll do a freescan over the network. So I filled it all out and according totheir standards, my company, because I do cybersecurity foreverything from government contractors, through dentists andmanufacturers and distribution companies.
[01:16:50] So I, I. The critical infrastructure definition. AndI have never heard back from them. I check my spam box at leastonce a week looking for their reply. So I don't hold up a whole lotof hope, but there is some good information here that you can getemail via social media via just all of these different types ofthings that.
[01:17:15] You could use for it. And again, I want you to lookfor it online. It's on csun.gov. If you go to their homepage,you'll see their tools, they've got a shields up a warning rightnow on their homepage because there have been so many attackscoming from China and coming from Russia, but particularlyRussia.
[01:17:34] And you can see there. Stop ransomware.gov, which hassome great tips, particularly for home users and small businesses.The Seesaw culture, height, hygiene services. That they have doingbusiness with CSUN and careers they're looking forward to is okay.It's part of Homeland security. So there's a whole lot that you cando and you can find, but I wanted to let you guys know that this isout there.
[01:18:04] A lot of the stuff guaranteed is going to be. Above98% of people's heads out there. Just in general, even itprofessionals. So look for information, that's going to help you.That's on your level. And to that end we have right now, threethings. If you sign up for the email list, or if you're already onmy email list, you can just email.
[01:18:30] Me@craigpeterson.com or just hit reply to any of myemails and I'll see it and ask for them. But we've got stuff onyour computer, keeping it secure, keeping your password securecomparison between using a one password manager or using last pass,which I am not advising to use right now, but that's in there.
[01:18:54] There are a lot of different things that are therethat are ready for you to get right away. And then if you haveother questions, I've got dozens of little special reports thatI've written in response to people's questions. Don't be afraid tosend them to me. I'd you know me@craigpeterson.com and I'll makesure I get you an answer because it's that important.
[01:19:20] Okay. I'm not here trying to sell you something. I amhere because most of you guys can could never get my services. Youdon't need them. You can't afford them, whatever. I'm a fractionalCecil. I'm one of the guys that keep. It was a cyber securityworking in a live for businesses. Like it's not going to beeverybody, but it's, it is there is, I should say a lot ofinformation you guys need and need to understand, and I want tohelp you. Okay. I think I've beaten that horse enough and it wasprobably past dead, but you'll find some of this stuff on mywebsite@craigpeterson.com.
[01:19:58] I've been working on some other changes to it. Iwould also ask you guys. If you're hearing part of the show today,I know a lot of people who are listening on the radio are tend tobe out and about in their cars, listening, on the weekend, Ilistened to a lot of radio then, but go ahead and subscribe toeither my podcast.
[01:20:19] And there are a lot of ways to do that. And I showedthose people who are watching on video, how to do that. And if youwould give me a five star. On whatever platform you're using,hopefully I've earned that. And then also if you'd like video, Ihave my whole show up. It's like about an hour and a half long onmultiple platforms.
[01:20:44] So rumble.com rumble, R U M B L E. Is a competitor toYouTube. So if you don't like censorship, if you want a site thatis trying to keep that information out there, get it out there foryou. A rumble is your place. You'll find all kinds of interestingcharacters there other than myself, right? A lot of conservativepeople go there to rumble.com.
[01:21:09] I have it up on YouTube. Because YouTube, isn't theworst platform in the world. They're also not the best, but theyare the biggest. Did you know, YouTube is the second largest searchengine in the world. Okay. They have a lot of people on YouTube andthen on Facebook as well. You'll find me there on Facebook.
[01:21:28] Of course, Craig Peterson, I had. I excuse me atfacebook.com/craig Peterson. And I didn't use it for a long timecause I hated Facebook. Just, I looked at it as a time sink that Ijust didn't need. I got a lot of stuff. I got a lot of people helpand so I didn't really do anything with it. And so somebody elsegot the slash Craig Peterson, but I do have a trick for you.
[01:21:52] If you go online with your web browser to Craigpeterson.com. That's my website slash. YouTube. It'll take youright to my YouTube page. Ores Craig peterson.com/facebook. Yes.What do your Facebook page? Craig peterson.com/itunes. Good slashsound cloud, et cetera. It'll take you right to my page on all ofthose sites and have a look at the video.
[01:22:21] Let me know what you think. I would appreciate thatfeedback and make sure you tune in on the radio too. It's great.Don't watch this while you're driving to taking the kids to school,a lot of people listen to this while they're taking the kids toschool on podcast. Anyways, take care. Thanks for being withus.