Apr 1, 2022
Are YouReady For Data Wiping Attacks?
Yet another warning coming out from the federal government aboutcyber security. And this one is based on what's been happening inUkraine. So we're going to talk about that situation, the wholecyber security over there and why it's coming here.
[Automated transcript follows]
CISA is the cybersecurity and infrastructure security agency.How's that for a name it's not as bad as what does that shieldright over from the Marvel universe, but the cybersecurity andinfrastructure security agency is the agency that was created tonot just protect federal government systems, although they areproviding information for.
[00:00:41] People who protect those systems, but also forbusinesses and you and me and our homes. So they keep an eye onwhat's happening, what the various companies out there are finding,because most of the cybersecurity information that we get is fromprivate companies and they. But it altogether, put it in a nicelittle wrapping paper.
[00:01:05] In fact, you can go onto their website anytime thatyou'd like to, and find all kinds of stuff that is going to helpyou out. They've got a ton of documents that you can download forfree little steps that you can take. It's at csun.gov, C I S a.gov.And they've got the known exploited vulnerabilities catalog.
[00:01:30] That's something that we keep up to date on to helpmake sure our clients are staying ahead of the game. They've alsogot their review board securing public gatherings. They also runthe stop ransomware.gov site that you might want to check out. Andwe'll be talking a little bit more about ransomware and the ways toprotect yourself a little later today.
[00:01:52] Now Seesaw is interesting too, because when they arereleasing information, most Americans really aren't aware that theyeven exist. They do. And they've got a big warning for us thisweek. There's a site that I follow called bleeping computer thatyou might want to keep an eye on and they have.
[00:02:15] I'll report just out this week that you, cranegovernment agencies and corporate entities were being attacked.This was a coordinated cyber attack last Friday, a week ago, wherewebsites were defaced data wiping malware was deployed and causingall of these systems to become not just a corrupt, but some ofthese windows devices to be completely.
[00:02:45] Operable now that is a bad thing. The reason forthis, this is speculation, but it isn't a whole lot of speculation.Right? Am I getting out of, on a limb here particularly, but thewhole idea behind this is a cyber war, that Russia's got, what isit now? 130,000 troops, whatever it is over a hundred thousand.
[00:03:08] On the border of Ukraine, they invaded Ukraine a fewyears ago. Russians shot down a passenger airline in Ukrainian airspace. This that was a few years back. They've been doing all kindsof nastiness to those poor Ukrainians. They also had a massiveransomware attack in Ukraine. That was aimed at their taxsoftware.
[00:03:35] Some countries do the electronic filing thing a lotdifferently than the us does. A couple of examples are Ukraine.France is another one that comes to mind. We have clients in Francethat we've had to help with cyber safety. And we're always gettingpopups about major security problems in the tax software, becausethey have to use this software that's provided by the Frenchgovernment.
[00:04:03] Ukraine's kind of the same way. The biggest. Companyproviding and the tax filing software for Ukraine was hacked andthey use that hack to then get into the tech software and make itso that when that software was run by these Ukrainian companies,they would get ransomware. It was really rather nasty.
[00:04:30] So the Russians had been playing games over inUkraine for quite a while. But what's apparently happened now, isthat a thing? Those things, same things are coming our way now.It's not just because of the fact that a Ukraine is beingthreatened, maybe they're going to encroach even more, take morethan Crimea, which they did last time.
[00:04:56] We're in the U S and what are we doing? President?Biden's been sending troops to Europe, troops to Poland, Germany,and also advisors to the Ukraine. He's removed the embassy staff,at least the vast majority of it from Ukraine. And I just I think.To what happened with his completely unplanned withdrawal that wedid in Afghanistan and how things just got really bad there.
[00:05:28] And I'm not worried about what's going to happen inUkraine because the Russians aren't particularly fond of the ideathat we are sending aid and support to. Yeah, it's a bad thing.President Obama sent them blankets, but Biden is sending themmilitary weapons and ordinance, which is what they'd need tofight.
[00:05:53] So Russia has shown that they will attack a countryvia electronic means cyber means, right? Cyber attacks. And sowhat's happening now is the bad guys from. That have been thefacing websites and who have been doing more than that, wipingcomputers and making them completely unusable could well come afterus because they're really going to be upset with what's happeningnow.
[00:06:27] And that was CNN has reported the Ukrainian itservices company that helped develop many of these sites was also abig. And of course that means bottom line, that this is what'scalled a supply chain attack. What I mentioned earlier with theUkrainian tax software, that's a supply chain attack where you arebuying that software, or you're mandated to use the software tofile your taxes by the government.
[00:06:57] And what happens while it turns out that software iscontaminated, that's called a supply chain attack. Now crane issueda press release about a week ago, saying that the entities were hitby both attacks, leading them to believe that they werecoordinated. This is a quote here. Thus, it can be argued with highprobability that the interface.
[00:07:24] Of websites have attacked government agencies anddestruction of data by Viper are part of a cyber attacking, butcausing as much damage to the infrastructure of state electronicresource that's from the Ukrainian government, not the bestEnglish, but their English is much better than my Ukrainian orRussian.
[00:07:44] So you, crane is blaming these attacks on Russia,incomes, CS. So you says now urgent. Business people in the us andother organizations to take some specific steps. So quote, herefrom the Seesaw insights bulletin, the CSO insights is intended toensure that senior leaders at the top of every organizational wherethe cyber risks and take urgent near term steps to reduce thelikelihood and impact of a potentially damaging compromise.
[00:08:19] All organizations, regardless of the sector or sideshould immediately implement the steps outlined below. So here'sthe steps and there are a lot of them. One I'm going to do these,you should find in your newsletter today. Hopefully that all madeit in. But three basic things. One reduce the likelihood of adamaging cyber intrusion.
[00:08:46] And we're going to talk about the best way to dobackups here a little later on today. Make sure your software is upto date. Make sure your organization's it personnel disabled, allports and protocols, not essential for business purposes. This isall basic stuff, but I got to say. I bet you, 98% of businesses andorganizations, haven't done these things.
[00:09:07] The next major category here, take steps to quicklydetect a potential intrusion, and then ultimately maximize theorganizations resilient to destructive. Incident. So that meansdoing things like testing your backup procedure, make sure yourdata can be restored rapidly, or you have a way to get yourbusiness back online quickly.
[00:09:31] What we tend to do is in our backup strategy,depending on how much the company can afford, to be down. To be outof business if they lose all of their stock versus what it costs todo this, but we will put a server on site at the company and thatserver then does some of the backups, right? It does all of theinitial backups.
[00:09:55] And then what happens is it gets relayed to us. Itgets pushed to tape and tape is really good. We'll talk about thatin just a few minutes, but the other big thing is. The backup thatwe have local to their business also has what's called a virtualmachine infrastructure built on it. So if a machine goes down, Ifit gets wiped or if it just crashes and can't be recovered easily,we can spin up that machine.
[00:10:27] A copy of it in our little virtual environment injust a matter of minutes. So these are all things you should beconsidering. If you're interested, you can send an email tome@craigpeterson.com. I can send you a checklist that a little moreextensive than this, or I can help you with any other questions youhave.
[00:10:47] I get lots of questions every week from everythingfor on retirees, wondering what they should do all the way throughbusinesses that we help government contractors and others. Thisisn't good. Russia is likely coming after us. Based on this. Visitme online. Craig peterson.com or email me@craigpeterson.com withyour questions.
[00:11:14] With all of this talk about hackers, ransomware data,wiping systems. What's the best way to protect yourself, but whatdo you do to really protect against ransomware? I can tell you,it's not just plugging another hard disk into do backup.
[00:11:31] We've got so many hackers out there. We're talkingabout a multi-billion dollar industry to go after us.
[00:11:39] It's just depressing. Really. When you think aboutit, I think about the old days where security, wasn't a hugeconcern, right? Physical security. I had one of my first jobs wasat a bank and I was, this was back way back in the a G it wouldhave been the mid seventies and I was one of the operators of themain.
[00:12:05] And so as a mainframe operator, we'd load up thetapes and we would ship them places. We'd also go ahead and putthem in the vault so that they were in a fireproof vault, and wecould recover anything we needed to recover. It worked out prettydarn well, and it was a fun job, but most of the time it wascleaning the tape drive heads and taking those tapes, those biground tapes, you might remember those.
[00:12:33] Nine track tapes and maybe the fancy stuff, 52 50 BPIor 800 BPI of one end or the other, or the spectrum. And we justhad to make sure they were physically safe nowadays of course,mainframes are still around and are still absolutely fantastic.They're just phenomenal. Some of the technology IBM has in theirmainframes.
[00:12:59] Most of us, aren't using those. Most of us are usinga regular computer or I'm sitting in front of a Mac right now thatI use for the radio show. We have windows, computers, Linuxmachines, right? All of those things that we have in our businessand that we maintain securely for our clients. But what do you dowhen we're talking about random?
[00:13:23] You can cross your fingers and hope that you'd hopeyou don't get ransomed. That sort of a practice doesn't usuallywork out too well for people, but you can do backups and manypeople do. So let's talk about the backups. Let's say that you haveyour computer and you're doing a backup and you have one or twogenerations worth of backups for your company.
[00:13:47] Ransomware nowadays does not just typically destroyyour whole disk. Usually what it does is it encrypts files like docfiles, doc X, right? Excel files, all kinds of files that thinksmight be useful to you. And then of course, the rest, it pops upsays, pay me. And off you go. The reason for that is so yourcomputer still works so that you can enter in the decryptioncode.
[00:14:18] Once you've paid the ransom, hopefully it works foryou give or take 50% of the time. You will get your data back. Ifyou pay the ransom much of the time. But let's go back to that oneor two generations of backup. You're using a cloud service, let'ssay, and your computer gets ransomware. That cloud service backupsoftware will still work.
[00:14:43] What if it's working? So you're now backing up yourencrypted files to the backup site in the cloud. Do you see whereI'm going with this? Your backups? No. Same thing is true. Ifyou're backing up to a local hard disk, many people do it and it'shandy. I recommend that you do that, but it's not all you shoulddo.
[00:15:08] So that disc is attached. We had a. Boy, who was ithere? Yeah, we have a client in Maine and they have a really smartsystem administrator and he designed these disk drives that wouldphysically disconnect themselves from a machine when the backup wasnot running and would physically connect themselves when thebackup.
[00:15:34] Was running. So the idea there was okay, great. We'vegot a local backup on a local disk and if the bad guys managed toget a hold of the machine, they're not going to be able to encryptthe. And, as long as the backup isn't running, I thought that was abrilliant solution. Doesn't solve some problems, but it certainlytakes care of some others.
[00:15:58] So if you are doing a backup, you've got to make sureyou've got multi generations. I tend to keep a year's worth. Nowthere's other considerations. There's the federal rules of.Procedures that say you have to have bad cops. They have to go backyears. And there are also other things the payment card industryrequires certain types of backups.
[00:16:25] If you are a government contract, We have them asclients and they have certain data retention policies based on thelength of the contract. They have keep it for some yearsafterwards. It goes on and on. So if your data is lost or stolen orencrypted, and your backup is encrypted or deleted, You are in realtrouble depending on the type of business you're in.
[00:16:56] So what's the right answer to this. I've talked about3, 2, 1 backup for a long time, and it's still a very goodmethodology for doing backups, but nowadays they're talking about3, 2, 1, 1 backup, which is again, that's a bit of a differentmethodology. In doing backups, but the idea is you've got multiplecopies of your data on multiple types of media in multipleplaces.
[00:17:29] That's the bottom line. What is the gold standard forthis? I it's something that gets to be a little expensive. Again,we have another client that we've had for years, and they arelooking for a replacement for the backup system. Now. And so weproposed something that's based on what's called LTO technology,which is a type of a tape drive.
[00:17:55] It's a small cassette, right? It's not those big 12inch reels of tape that we used to lug around and it's amazinglydance. The new LTO tape drives have space on them for as much as45. Terabytes of information. It's also great because it'sencrypted by hardware, government level encryption automatically,and those tapes can be taken offline.
[00:18:25] You can take the tape. Now we picked up a client whohad been doing backups and they were using little USB drives andevery day he'd take the drive home and bring in the next drive. Sohe had five drives, right? So he had the drive for Monday, Tuesday,Wednesday, Thursday, Friday. And he was taking them home, but hemissed one of the key things to check the back.
[00:18:53] He hadn't checked the backup and their backup had notbeen running for more than a year and a half. So that's the otherthing you have to do? The LTO tapes are really the gold standard.It goes back to that for one of the first jobs of mine, right? Thejob I mentioned, where I was mounting tapes and filing them andmoving them around and mountain disc packs and pulling them out andeverything.
[00:19:19] It still makes sense. They'll last for decades, theycannot be hacked because they are literally offline. You can shipthem to places to have them stored. I have a course on backups andif you're really interested, send me a an email tome@craigpeterson.com. And I'll go ahead and. Send you a link to thecourse, you can watch it.
[00:19:48] But yeah, I think this is really important. Ofcourse, I'm not going to charge you for that, but magnetic tapeit's established. It's understood. It's proven it's been around formany decades and LTO tape is unique. It needs all five bestpractices for addressing ransomware. Even be able to recover.
[00:20:12] If you want more information, just emailme@craigpeterson.com or sign up for my free newsletter. Craigpeterson.com.
[00:20:22] Switching from gasoline powered engines to these newelectric cars is no environmental panacea. At least that's whatWest Virginia university is saying. And the E. Just changed itsmind as well.
[00:20:38] Ford of course, about a year ago, unveiled its newelectric.
[00:20:43] F-150 the lightning and Ford has stopped takingorders for them because they are going to have to make double whatthey thought they would have to make. Ford also has a similarproblem with yet another electric vehicle. The Mustang GM is doinga few different electric. Coles. And so is everybody else, frankly,Porsche even now has an electric car out.
[00:21:11] That is all well and good. Isn't it. And there'scertainly problems, particularly with manufacturing nowadays,trying to get the CPU's and other electronic components you need.They're even having trouble getting electric motors for electricwindows in vehicles. Now they're coming. Crank window with a littlecoupon saying later on, we'll convert it to electric for you allkinds of problems, but there's one that I haven't heard anybody butmyself talk about.
[00:21:44] And so I was online looking around, doing somesearches, seeing if I was, like the only one there's no way rightnow, I'm not the smartest person in the world. I don't pay the mostattention to everything. And I found that. Virginia university isin total agreement with that with me, it's just amazing.
[00:22:06] They looked at recent trends and they're cautioningas I have been for years, at least a decade. Now they're cautioningabout what seems to be a race to put more electric vehicles. On theroad. And the problem is that these electric vehicles in theirdemand for electricity may well out, run what's needed to keep thevehicles on the road.
[00:22:35] So here's a quote from them. The electric grid willstruggle to handle the quick charging of very many electricvehicles at the same time. Okay yeah, by the way, like hardly anyquick charging is generally what everyone thinks about, like goingto the gas station, getting a full charge in 10 to 15 minutes,which would be a tremendous instantaneous load on the localdistribution center.
[00:23:03] My concern is the huge power dumps required at quickcharging stations along the interstate. It sounds good, but it'llrequire a lot of new infrastructure to get the power to thecharging stations, as well as building those charging stations. Sowhere does the power come from? Power storage is going to berequired if we're going to also move towards fixing.
[00:23:28] Power sources such as solar and wind. We do not havepower storage capability yet in large enough quantities to do thison a large scale. Solar does not work at night. The wind doesn'tblow all the time. Also, we do not have the distribution on thestreets to move fast charging into residential neighborhoods onmass.
[00:23:52] Electric vehicles are great, but we have not fullyconsidered the impact it'll have on our electrical gridinfrastructure. It will require a lot of expansion of ourelectrical distribution and charging facilities. Remember, electricpower comes from the power company. I heard an interview with alady the other day, and they asked her, where does the electricitycome?
[00:24:15] She said, From the plugin, the wall, right? We mustconsider this when considering wide-scale electric vehicleadoption, much as there is to gain from electric vehicles. I don'tbelieve we're ready yet as a society for completely electricalvehicle transportation system. With time and infrastructuredevelopment, we can be.
[00:24:37] I totally agree. This is Rory Nutter, professor lane,department of computer science, electrical engineering, Benjamin M.Slater, college of engineering and mineral resources. I totallyagree with that. We don't have the ability to generate theelectricity. We don't have the ability to store the excesselectricity.
[00:25:01] So in other words, if we're using solar at nighttime,we don't have the sun, we can't run solar. So we got to store thesolar. And in fact, we have to make about twice as much electricityas we need during the day so that if we can store it, we can thenuse it in. The same thing with wind, right? It's fickle.
[00:25:24] It just doesn't work that well. So what do we need?Basically right now, we need to stop turning off our coal poweredplants, our natural gas plans and our nuclear plant. Because weneed to still have electricity. Look at what's happened last year.And this year over in Europe with the crazy cutbacks that they'vebeen doing on some of these plants, coal nowadays with thescrubbers that are on our cold powered, flat plant is cleanenergy.
[00:25:58] It's not like the old days where you lived on thesouth side of the tracks and you got all of the wind blowingtowards you that had all of that nasty cold ass. You ever seen anyof those pictures? It was just terrible. All of that nasty sitcom.It's not something we need to worry about nowadays.
[00:26:16] The other big thing that ties into all of this is sohow do we generate our electricity cleanly? A hundred percentcleanly? Nothing. Per cent, but just a couple of weeks ago, theEuropean commission presented their 27 members states with newdraft rules that classified natural gas and nuclear power as greenfuels for electricity generation.
[00:26:47] Listen, if we want electric cars, which as we'vetalked about before are highly polluting. Yes. Because of thematerials in them, because of the materials that go into thebatteries, having to mine it, having to ship it, having to processit and then having to change out those battery packs after 80,000or a hundred thousand miles.
[00:27:09] Did you see this guy? There was a meme in the videoabout this online a few weeks ago. How to test. His Tesla needed abattery replacement. It would cost him, I can't remember what itwas. 20, $30,000. A lot of money. So he decided to just blow up thecar. That's all it took. I saw another Tesla that had waterdamage.
[00:27:33] From, being down in new Orleans or somewhere, theflooding occurred. And the guy bought that Tesla because Teslawon't sell the parts to fix the car after the water damage. And sohe ripped out the batteries, ripped out the electric motors and hebought a high power engine. And gasoline and put it into the Teslaand made really, quite a very cool car.
[00:28:00] You can find it online if you want to look for that,it's quite cool. What they ended up doing. It took us quite a whileto do it, but they did it. So now that we're seeing. That nuclearis green. Let's talk about why we've been so afraid of nuclear. Oneof the biggest problems of course is so what do you do with all ofthe waste?
[00:28:20] And that's a legitimate question, but what you'rereally talking about when you ask that question are the reactorsthat went online 50 years ago, or that were approved 50 years agobecause of the regulations. There are. These nuclear plants thathave been provisioned in the last 20 years that are still usingthat old technology.
[00:28:43] So when we get back, we're going to talk about thismore. What about the waste? What our fourth generation nuclearpower plants, how safe are they when they say they're intrinsicallysafe? What does that mean? And how and why? Because I'm predictingto this point that we're going to have to switch back to nuclearand even the European union, if you can believe it agrees with.
[00:29:13] Hey, make sure you take a minute. Go online. Craigpeterson.com. Subscribe to my free newsletter. You can get it rightthere. I send you out stuff every week. And this week is noexception. We've got a bunch of bullet points that if you are in abusiness position, you got to protect yourself immediately. So Itell you how Craig peterson.com.
[00:29:38] So what are these new rules for nuclear energy? Andwhy is it absolutely necessary that we do something like this? Getfourth generation nuclear online. If we can even consider electricvehicles on our roads.
[00:29:55] Things have changed in the European union. They'vebeen trying to figure out how they're gonna handle all of theseelectric vehicles, how they're going to properly handle all of thesolar cells and the wind turbines.
[00:30:09] And there's even some work over in the EU. To get thetide to generate electricity, some very cool stuff. Actually,that's been done, I love tech and I'm into all of this stuff,frankly. I think we should be doing a lot of it. What I don't thinkwe should be doing. Is getting ahead of ourselves. Andunfortunately that's really what's being going on.
[00:30:35] We don't have a grid that can really use theelectricity that we can generate from our windmills, from our solarcells, from anything, frankly. And we cannot. All of thatelectricity that we might be generating and somehow have thatelectricity be stored and used distributed appropriately to ourcharging station.
[00:31:03] And our grid was built and designed to have a fewcentral point where the electricity is made, where it's generatedand then distributed to some pretty specific types of things likehousing, development, businesses, et cetera. You can't just goahead and open a big business man. in a residential area.
[00:31:25] And part of the reason for that is the grid isn't setup for it. You don't have three phase power going into residentialareas or even more than that, you don't have the high voltage, thehigh current, et cetera. So how are you going to be able to quickcharge electric cars in the regular residential neighborhoods?
[00:31:47] I w how about at a hotel? Yeah. Okay. A hotel isprobably. Multiple phases and has a fair amount of power there, butthe amount of strain that's put on the grid by trying to just rapidcharge a single car is huge. So how can we deal with that as well?The quickest and easiest way to deal with it is just put more largepower plants online.
[00:32:13] Some people don't like that. Don't like that idea atall, frankly, but we're not ready. What are we going to do? Look atwhat happened in Texas with a fairly minor reliability or rereliance, I should say, on these windmills last winter and thingswith this winter, as cold as it's been, that could really causesome just incredible problems.
[00:32:40] Nuclear is being reconsidered, particularly fourthgeneration nuclear power plants. The greenhouse gas emissions fromnuclear power are one 700th of those of coal. The nuclear powerplants produce one, 400th greenhouse gas emissions of a gas plant,and they produce a quarter of the greenhouse gas emissions fromsolar.
[00:33:09] Now you're saying, Hey Craig, come on, I get it. Waita minute, solar, how can solar produce greenhouse gas? It does. Andit produces greenhouse gases because of the manufacturingprocesses, as well as of course it off gases. So how do we make allof this stuff work? We all saw the China syndrome and we heard fromexperts like Jane Fonda, how we would all die.
[00:33:34] If we put a nuclear power plant. These areintrinsically safe, power plants much different than they used tobe. Nuclear power frankly is a much safer business than most peoplethink it is. They no longer these new plants produce. The thenastiest what's called high level nuclear waste.
[00:34:00] They can reprocess it right there in the plant. Theycan start in fact where some of the nuclear waste though has beengenerated from the older nuclear plants and get rid of that. It'samazing. So people are asking okay. Plutonium might have ahalf-life of 24,000 years, but it doesn't emit much radiation.
[00:34:23] We get that. How about the higher levels ofradiation? Because some of it can last for hundreds of thousands ofyears. According to the U S radiation expert, Robert Gale for everyterawatt hour of electricity produced nuclear energy is 10. To 100times safer than coal or gas. What it does emit are alphaparticles, which do not even penetrate human skin.
[00:34:54] They've done all kinds of risk assessments and triedto figure out what's going to happen. What can we do? And I'm notgoing get into all the details here, but it is intrinsically safebecause. What really happens is that the, these new plants he'sfourth generation, a newer plant are instead of using water, forinstance, that can do reactors out of Canada, use heavy water inorder to cool those rods.
[00:35:25] It was same sort of thing we've had in the meltdownsbefore they're using a liquid silica inside. They're set up in sucha way that they do not need to have pumps running. So the Fukushimareactor that you might remember in Japan that failed because of thetsunami and the fact that one fact, this is what was their killerthat their electrical generation from the diesel generators wentoffline.
[00:35:56] Why did it go offline? Oh, I can see the grid goingoffline, but how about a diesel generator? If you have a belowsealer, And the water comes in. You're in big trouble now. Theydidn't have it like below, permanently below sea level andFukushima. But when that tsunami wave came in, it was below sealevel.
[00:36:16] They just, man, we could talk for a long time aboutthe problems that they had over there. The nepotism, the line onthe forums. They fact they did not do the upgrades that themanufacturer has suggested on and on. So these new reactors canlose all power and you won't have a China store. They won't gothrough a meltdown and they're even designed in such a way, the wayusing physics things called the law of gravity, who would havethought, right?
[00:36:51] So that what happens in the worst case scenario is noone gets hurt. It just eats in on itself and then stops runs outof. So we've got to remember all of this stuff. Okay. The nuclearpower of yesteryear is not the nuclear power of today. And thenuclear power of today is so green and so safe that even theEuropean commission presented new draft rules that said to thenatural gas, nuclear power, our agreement.
[00:37:29] Fuels for electricity generation. So assuming therules are approved and Francis in favor, Germany isn't as intonuclear power. In fact, they plan on having all of their plantsshut off by the end of 2025, which is crazy because they're alreadyhaving serious problems with their solar and wind.
[00:37:53] And that's why they're buying so much natural gas nowfor. Yeah, American influence dropping over there. Thank you again,president Biden for allowing that pipeline to go through. Allright. Anyhow. They're assuming they're approved Germany.Apparently isn't likely to try and block these rules. It means thatnuclear, the new nuclear force generation or newer is going to beright there alongside renewables, like wind and solar on the listof the EUS technology that are approved for financial support.
[00:38:30] Now, this is very good news because as I mentionedearlier, What happens when it comes to solar at nighttime doesn'twork solar. When it's raining, doesn't work solar. When it'ssnowing, doesn't work solar. When it's cloudy, doesn't work. Ryan,how about the windmills? When the wind is. They don't work whenthey break down, which happens a lot due to mechanical failures,they don't work.
[00:39:02] So having the. New nuclear plants that areintrinsically safe, that don't generate this really nastyradiation, and stuff that we have to store for a thousand years, etcetera. The high level nuclear waste makes a lot of sense becauseunlike the. Solar plants or other things that might be on someone'shouse that cannot be easily controlled by the central grid.
[00:39:32] In other words, Hey, stop generating electricitybecause I got enough right now. And what Germany has been doing isputting it into heat sinks, heating up lakes and other things, toget rid of that extra solar energy people are generating on theirhomes and businesses. What you can do is, Hey, we are at the pointwhere we don't have enough sun.
[00:39:54] It's really cold. People are trying to heat theirhomes, or it's really hot. People are trying to cool to theirhomes. And yet it's raining heavily or there's a lot of clouds. Soall you have to do at that point is turn off. That nuclear powerplant or multiple plants. You see the way it's going.
[00:40:12] You're not going to have some massive plant with abunch of reactors. No. Where they're going with this is to havecommunity reactors in the multi megawatt range that can be put intocommunities and the power distributed directly. Into the communityand these power plants are good for 20 years and these new ones,they are typically going to be buried in the.
[00:40:41] And then every 20 years they get dug up, put onto atruck, shipped off, they get recharged, brought back and you're offand running again, a whole different concept. And I love it. We'restarting to do this in the United States. We've got some earlyapprovals for some of these, and I was shocked and amazed and happythat the Biden administration has decided.
[00:41:06] To approve the new nuclear here in the United States.So there'll be some test plants going online relatively soon. Thatjust makes so much sense. These 50 year old nuclear red regulationsand plants, they just don't work. Make sure you visit me online.Craig peterson.com. I'm going to have a lot of stuff for you everyweek.
[00:41:32] Craig peterson.com.
[00:41:37] The hacker world got turned upside down this pastweek as Russian president Putin decided to crack down on thehackers. Now, this is a very big change for Russia. We're going totalk about my theories. Why did this happen?
[00:41:54] As we keep you up to date, russian hackers have longbeen known to go after basically whoever they want. They havereally gone after the United States and other Western companycountries.
[00:42:10] And as part of what they've been doing, they havebeen making a lot of money and keeping Vladimir Putin pretty darnhappy. He's been a happy because they're bringing more. Into motherRussia, he's happy because they are causing confusion amongstRussia's competitors out there, particularly the United States.
[00:42:35] But there's one thing that Putin has been absolutelysteadfast. And that is not allowing any of the hackers to go andhack any of the countries that are part of their little pact overthere. Think of the old Warsaw pack they got that band backtogether. So as long as they didn't harm any Russian or, aaffiliated country, They could do basically whatever they wantedand they did.
[00:43:09] And they have caused a lot of trouble all over theworld. So Friday Russia. As security agency announced that it hadarrested members of the cyber gang called reveal. Now we havetalked about them for a long time. They have come and gone. The FBIand other countries have shut down their servers.
[00:43:37] So reveal disappears for awhile. Then pops his headup again. And Russia said that they arrested members of revival whowere responsible for massive ransomware crimes against us companiesthe last year. So why would they do that? I'm looking right now atthe Russian website here, that's part of the FSB.
[00:44:06] And it's saying that the Russian federal securityservice in cooperation, the investigation department of theministry of internal affairs of Russia in the cities of Moscow St.Petersburg, Leningrad lips. As, I guess it is regions. They stopthe illegal activities, a members of an organized criminalcommunity and the basis for the search activities was the appeal ofcompetent U S authorities who reported on the leader of thecriminal community and his involvement in an encroachment on theinformation, sir, resources of foreign high tech companies bydrusen militia software, encrypting information and extorting moneyfor its decreased.
[00:44:52] Now that all sounds like the stuff that Vlad has beenjust a happy about in years past. So why did this happen? Whatbrought this about nowadays in this day and age? What is he doing?I've got a little bit of a theory on that one because there havebeen some interesting development. One of them is this hacker.
[00:45:19] In Belarus. Now, Belarus is one of those countriesthat's closely affiliated with Russia friend of Russia, right? Partof the old Warsaw pact. And you might remember that Bella ruse isright there by you. And of course, we've got this whole issue withUkraine and whether or not Russia is going to invade president andBiden said something incredibly stupid where he said, yeah a moralresponse is going to depend upon what Russia does, if it's just aminor invasion.
[00:45:57] You're you remember? The president Biden's sayingthat just absolutely ridiculous. And then of course, the whitehouse press secretary and various Democrat operatives tried to walkthe whole thing back, but it's a problem because Russia has, whatis it now like 120,000 troops on the border.
[00:46:17] Now, if you know anything about history, you knowthat the military army. March on their stomachs, right? Isn't thatthe expression you've got to feed them. You have to have a lot oflogistics in place. In fact, that's what really got a lot of theGerman military in world war two. Very nervous because they saw howgood our logistics were, how good our supply chain was.
[00:46:43] We were even sending them. They cakes to men in thefield that they discovered these cakes in great shape. And some ofthe German armies, particularly later in the war, didn't even haveadequate food to eat. What do you think is happening with theRussian troops that are sitting there?
[00:47:01] They need food. They need supplies, including thingslike tanks, heavy artillery, ammunition. All of that sort of stuff.So how do they do that? They're moving it on rail, which they havedone in Russia for a very long time. You might remember as well inworld war II, the problems with the in compatibility between theGerman rail gauge and the Russian rail gauge as Germany tried tomove their supplies on Russian rails and Soviet rails, ultimately,but on Russian rails and just wasn't able to do.
[00:47:37] So hacktivists in Bella ruse right there next toUkraine said that they had infected the network of Bella Russa'sstate run railroad system with ransomware and would provide thedecryption key. Only if Bella Reuss president stopped. Russiantroops ahead of a possible invasion of Ukraine. So this group, theycall themselves cyber partisans wrote on telegram.
[00:48:11] Now I got to warn everybody. Telegram is one of theworst places to post something. If you want some privacy, excuseme, some privacy, some security it's really bad. Okay. No twoquestions. So they have, apparently this is according to what theywrote on telegram. They have destroyed the backups as part of thepec low cyber campaign.
[00:48:36] They've encrypted the bulk of the servers, databasesand work station. Of the Belarus railroad, dozens of databases havebeen attacked, including, and they name a bunch of the databases.Automation and security systems were deliberately not affected by acyber attack in order to avoid emergency situations.
[00:49:00] They also said in a direct message that this campaignis targeting specific entities and government run companies withthe goal of pressuring the Belarus government to release politicalprisoners. And stop Russian troops from entering Bellaruse to useits ground for the attacks on Ukraine. Now, this is franklyfascinating from a number of different angles.
[00:49:26] One is, it is very easy nowadays to become a cyberhacker. And in fact, it's so easy. You don't even have to doanything other than send N E. And it's been done, frankly. It'sbeen done people who are upset with a, an ax, for instance upsetwith a particular company, you can go onto the dark web and you canfind companies.
[00:49:53] And this revival company was one. That will provideyou with the ransomware and they will do everything for you exceptget that ransomware onto a computer. So you could bring it in to anemployer. You can send it by email to the ax. As I mentioned, youcan do a lot of stuff. And then the. Ms. Cyber hacker guys, the badguys will go ahead now and they will collect the ransom.
[00:50:24] They'll even do tech support to help the people buyBitcoin or whatever currency they want to have used. And then theytake a percentage. So they might take 30% of it. There's a wholelot. We can talk about here too, including trust among thieves andeverything else. It is easy to do this. So to see an organizationlike these cyber partisans, which I'm assuming is an organization,it could be as little as one person taking ransomware, going intospecific computer systems breaking in.
[00:50:58] Because again, even here in the U S how many of ushave actually got their computer systems all patched up to date?The answer to that is pretty close to zero. And they can now goafter a government, they can protect their friends. It's reallysomething. When you start thinking about it, right? No longer doyou have to be North Korea or China or Russia in order to hacksomeone to the point where they commit.
[00:51:31] And in this case, they're not even after the money,they just want these political prisoners freed and they want Russiato stop shipping in troops supplies, into the area in Belarus nextto or close to. Very fascinating. There, there is a whole lot ofinformation about this online. If you're interested, you can readmore about it.
[00:51:55] It's in my newsletter, my show notes. I have links tosome articles in there, but it really is a tool for the under.We've never really seen this before. It's quite an interesting turnin the whole ransomware narrative. It's just in crazy. That's aquote from a guy over at Sentinel one. Alright.
[00:52:21] Lots to consider and lots to know and do, and you canfind out about all of the. One way, subscribe rightnow@craigpeterson.com. I promise. I'm not going to her Hess. Youstick around.
[00:52:38] We've heard a lot about automated cars. And of coursewe talked about them a lot here too, but that original vision ofwhat we would have, it's gone now. It's fascinating. We're going totalk about that journey of automated car.
[00:52:55] To date on technology for years, automakers have beentelling this story about how these automated cars are going todrive themselves around and do just wonderful things for us.
[00:53:10] And as part of that, they've decided that. The wayit's going to work. And I remember talking about this, cause Ithink it's a cool idea is that there will be fleet of thesevehicles think about maybe an Uber or Lyft where you get on thephone and you order up a card and it says, Hey that driver will behere.
[00:53:30] Here's the license plate, the driver's name andpicture. It's really cool, but general motors and Lyft haven'tgotten there. They signed in agreement. To have electric autonomouscars as part of Lyft's fleet of drivers. They did a back in 2016, along time ago. Ford promised what it called robo taxis and thatthey would debut by 2021 Dimeler of course, the company that makesMercedes-Benz said it would work with Uber to deploy fleets oftheir car.
[00:54:12] And the logic was really financial and it made a lotof sense to me, which is why I was so excited. I have car outside.You know about my Mercedes, you. How often do I drive that 40 yearold car? Most of the time it's sitting there parked, most of thetime, because I don't go very many places very often.
[00:54:35] What would it be like then to just be able to have anUber or Lyft type app on my phone that says, okay, tomorrow I havea 10 o'clock meeting in Boston and I want a car to take me there.So the. Checks with the servers and figures out. Okay. At 10o'clock meaning, that means you're going to have to leave at eight30 in order to get around the traffic that's normallyhappening.
[00:55:03] And so we'll have a car there for you. So all I haveto do is walk out the apple, probably remind me, my butt out of bedand get outside. Cause the car is about to arrive. So the car pullsinto my driveway or maybe just stops on the road and the appreminds me, Hey, the car's there I go out. I get in.
[00:55:22] And on the way down, I can work on getting ready forthe meeting, getting some things done, just really kicking back,maybe having a nap as we go. And I'm there on time for my 10o'clock. Just phenomenal. And from a financial standpoint,nowadays, how much is a car costing you? Have you ever done themath on that?
[00:55:44] How much does a typical car loan run you per month?And I also want to put in how about these leases? How many of usare leasing cars? My daughter leaves to Gargan believe she didthat. Didn't leave to me. It didn't make financial sense, but maybethat's just because I've been around a while. But looking right nowat some statistics from credit karma, they're saying us auto loans,new cars, your average monthly payment is $568.
[00:56:17] For an average loan term of 71 months. Good griefused cars, about $400. A month payment and average loan term, 65months. I can't believe that I've never had a car loan for morethan three years. Wow. That's incredible. So we're talking aboutsix year notes on a new car. Wow. I guess that's because people buycars based on the monthly payment, right?
[00:56:49] So figure that out. If you're paying $500 a month,how about just paying a subscription service? $500. You can get somany rides a month and you don't have to maintain the car. Youdon't have to buy insurance. You don't have to make any fixes. Youdon't have to do anything. And the car will just show up.
[00:57:08] That's what I was excited about. And it had some justamazing implications. If you think about it, it city dwell overdwellers and people who were directly in the suburbs, it'd be justphenomenal. And you could also have the robo taxis for longertrips. You can abandon that personal car. Really alternate.
[00:57:31] So now it's been about a decade into thisself-driving car thing that was started. And, we were promised allof these cars, it reminds me of the fifties, we're all going to bedriving, flying cars by. George Jetson one, when was he flyingaround the cities, but that's not happening.
[00:57:52] Okay. The progress on these automated vehicles hasreally slowed automakers and tech companies have missed all kindsof self-imposed deadlines for the autonomy. Look at what Elon Muskhas promised again and again, it's. Basically in 2020, late 2020,it was going to have fully autonomous cars even calls itselfdry.
[00:58:15] When it isn't really self-driving, it certainly isn'tfully autonomous it more or less drives. It stays in the lane asit's driving down the highway. But the tech companies are lookingfor other ways to make money off of self-driving tech. Some of themhave completely abandoned. There's self-driving cars, the sensorslike the LIDAR, and I've had the LIDAR people on my show beforethey've all gotten cheaper.
[00:58:40] It doesn't cost you $50,000. Now just for one LIDARsensor, think about what that means to these cars. So some of thesemanufacturers of these future autonomous cars are shifting to a newbusiness strategy. And that is selling automated features directlyto customers. In other words, you're going to buy a car, but thatcar isn't going to do much.
[00:59:09] Think about the golden key that the tech companieshave used for years, right? IBM well-known for that, you buy amainframe or from IBM or a mini computer from digital equipmentcorporation, and you have the same computer as someone that hasthis massive computer. But in fact the difference is that they turnoff features and we're seeing that right now.
[00:59:34] I'm, I've mentioned that Subaru before where they arecharging people for upgrades, but some of the companies arecharging you monthly to use a remote start feature for instance,and many others. So what's happening is a major change. We have theconsumer electronic show, right? January 20, 20 and general motorsCEO, Mary Barra said that they would quote, aim to deliver ourfirst personal autonomous vehicles as soon as the middle of thisdecade.
[01:00:07] So again, it slipped, right? I'm looking at it, apicture of what they're considering to be. The new Cadillac carthat should be out next year. Maybe thereafter. It is gorgeous.Absolutely gorgeous. But this announcement, right? Yeah. We'regoing to have autonomous vehicles, middle of the 2020s. She had nospecific details at all.
[01:00:33] And apparently this personal robo car project iscompletely separate from this robo taxi fleet that's been developedby GM's cruise subsidiary. And cruise said it has plans to launch acommercial service in San Francisco this year. So they're goingafter multiple paths. The logic here is financial.
[01:00:56] The reasoning has changed and they're offeringautonomy as a feature for the consumer market. Tesla, Elon Musk,they've been charging $10,000 now for the autopilot driverassistance feature. They're planning on raising it to $12,000 hereearly 2022 Tesla technology. Can't drive a car by itself.
[01:01:22] But he's going to charge you if you want it. And Iexpect that's going to be true of all of the major manufacturerthat's out there. And by the way, they're also looking atcustomization, like color changing cars and things. They're goingto charge them as features. Hey, stick around. Visit me online.
[01:01:43] Craig peterson.com.
[01:01:46] Just how secure are our smartphones. We've got theiPhones, we've got Android out there. We've talked a little bitabout this before, but new research is showing something I didn'treally expect, frankly.
[01:02:02] We've got some new research that wired had a greatarticle about last week that is talking about the openings that iOSand Android security provide for anyone with the right tools.You're probably familiar at least vaguely with some cases where theFBI or other law enforcement agencies have gone to apple and triedto have.
[01:02:29] Old break into iPhones. Apples, refuse to do that onein particular, down in Southern California, where they tried to getapple to open up this I phone and tell them who was this persontalking to after a shooting of foul of fellow employees at a. Itwas really something, there was a lot of tense times and we've seenfor decades now, the federal government trying to gain access toour devices.
[01:03:04] They wanted a back door. And whenever you have a backdoor, there's a potential that someone's going to get in. So let'ssay you've got a. And your house has a front door. It has abackdoor, probably has some windows, but we'll ignore those fornow. Okay. And you have guards posted at that front. All in someoneneeds to do is figure out to how to get into that back door.
[01:03:31] If they want to get into your house, it might beeasy. It might be difficult, but they know there's a back door andthey're going to figure out a way to get in. And maybe what they'regoing to do is find a friend that works for that security company,that post of the guards out front. And see if that friend can get acopy of the.
[01:03:51] That'll let them in the back door. And that's wherewe've had some real concerns over the year years here, a decades,frankly, our first, I remember this coming up during the Clintonadministration, very big deal with the. That they were pushing.This was a cryptographic chip that they wanted every manufacturerto use if they wanted to have encryption and the white house andevery gov federal government agency, and probably ultimately everylocal agency had the ability to break any encryption that wascreated by the clipper.
[01:04:30] In fact, we were able to track Saddam Hussein and hissons and his inner circle. Because he was using some encryptedphones that were being made by a company in England. And thatcompany in England did have a back door into those encryptedphones. And so we were able to track them and we could listen in,on all of their communications back and forth.
[01:04:56] And it's really frankly, oppressed. When that sort ofthing happens. So what do you do? What are you supposed to do? Howcan you make it so that your devices are safe? There are some waysto be relatively safe, but these cryptographers over Johns Hopkinsuniversity, Use some publicly available documentation that wasavailable from apple and Google, as well as their own analysis.
[01:05:26] And they looked into Android and iOS encryption andthey founded lacking. So they studied more than a decades worth ofreports. How about which mobile security features had been bypassedhad been a hack. I had been used by law enforcement and criminalsin order to get into these phones. They got some of these hackingtools off of the dark web and other places, and they tried tofigure.
[01:05:59] So we've got a quote here from Johns Hopkins,cryptographer, Matthew Green, who oversaw the research. It justreally shocked me because I came into this project thinking thatthese phones are really protecting user data. Now I've come out ofthe project, thinking almost nothing is protected as much as itcould be.
[01:06:22] So why do we need a backdoor for law enforcement?When the protections that these phones actually offer are so bad.Now there's some real interesting details of if you like thisstuff, I followed cryptography for many decades. Now I've alwaysfound it. Fascinating. There are some lightweight things I'm goingto touch on here.
[01:06:46] We won't get too deep in this, but here's anotherquote. Again, Johns Hopkins university on Android. You can not onlyattack the operating system level, but other different layers ofsoftware that can be vulnerable in different ways. Another quotehere on iOS in particular, the infrastructure is in place forhierarchal encrypted.
[01:07:10] Now higher are hierarchical. Encryption is variouslayers of encryption. If you have an iPhone or an iPad, or if youhave most Android phones nowadays, if you use a passcode in orderto unlock the phone or even a fingerprint or a face. Your method ofauthentication is used to encrypt everything on the phone, but inreality, everything on the phone is only fully encrypted when thephone is powered off.
[01:07:49] Now that's a real, interesting thing to think aboutbecause obviously the phone can't work. If everything's encrypted.It needs access to the programs. It needs access to your data. Sowhat they found bottom line was the only way to have a truly safemachine or a smartphone in this case is to turn it off because whenyou turn it on and it boots up on first boot, now it gets.
[01:08:20] Either by bio medical information, like yourfingerprint or your face sprint or your passcode, it then has a keythat it can use to decrypt things. So apple has on the iPhone,something, they call complete protection and that's again, when theiPhone has been turned off on boots up because the user has tounlock the device before anything can happen on the phone.
[01:08:45] And the is protections are very. Now you could beforced to unlock the phone by a bad guy, for instance, or in somecases, a warrant or an order from a judge, but forensic tools that,that they are using the police and the criminals really would havealmost no luck at pulling information off of your phone.
[01:09:11] That would be useful at all because it would all beencrypted, right? If they could. So once you've unlocked your phoneafter that first reboot molt, after that reboot, right? Youunlocked it after power up. A lot of the data moves into adifferent mode that apple calls protected until first userauthentication.
[01:09:32] But it's what I call after first unlock. So when youthink about it, your phone is almost always in the after firstunlocks. Because how often do you reboot your phone? No, it'spretty rare that your phone might do on. And this is particularlytrue for I-phones might do updates and boot and reboot. And then ofcourse you have to unlock that phone, but it doesn't go muchfurther.
[01:10:01] The net and that's, what's interesting. That's howlaw enforcement and the bad guys, these Israeli companies andothers have been able to get into iPhones and get into Androiddevices because ultimately if that computer is turned on and you'velogged in, there's a lot of data. That's no longer encrypted.
[01:10:22] Oh. And by the way, that's also how some of theseattacks occur on our laptops. Particularly if you traveled to. Inthe memory on that laptop that you close the lid on, you have to relog into is the key to UNHCR, unencrypt, everything, right? Becauseyou logged in once. So all they have to do is freeze the memory,duplicate the memory and put it back in part of the reason, by theway that apple laptops have their memory soldered in you can't dothat kind of attack.
[01:10:56] Stick around. We'll be right back.
[01:11:00] VPNs are good and they are bad. It depends on thetype of VPN. Many of these commercial VPNs of people are using areactually very bad for you when it comes to your security.
[01:11:17] VPNs are Trump problematic. I did a couple of bootcamps on VPNs. Probably I think it was about last year.
[01:11:26] Yeah, it was last spring. And I went through andexplained and showed exactly why commercial VPNs are one of theworst things you could possibly do if you want. To stay secure. NowI lemme just give you the high level here. I have given peoplecopies of this, if you're interested in a link to that VPN webinarthat I did, I'd be glad to send it to you.
[01:11:57] Just email me Emmy at Craig Peterson, doc. And ask mefor the VPN information and I'll send that all off to you. I alsowrote something up that I've been sending out to people that haveasked about VPNs. Cause it's one of the most common questions wehave Franklin, but here's your problem with commercial VPNs?
[01:12:18] Most all of them say, oh, your information safe atzero logging, et cetera. And yet we have found again and againthat's not. In fact, it can't possibly be true in almost every casebecause most of these VPN services are running out of otherpeople's data centers. So they might be in an Amazon data center orIBM or Microsoft.
[01:12:45] And inside that data center, your data is coming inand then it's going to. So let's say you're using a VPN and you'reconnecting to a website. I don't care. Go to google.com via a VPN.So you're using one of these services. That's advertised all overcreation. And what happens now is. Your web request to get toGoogle passes over that encrypted VPN and comes to an exit pointbecause at some point it has to get onto the regular internet.
[01:13:20] How else are you going to get to that website? On theother side? You can't, unless you get to the regular internet. Soat the other side, now the server is that's receiving the end pointof view. VPN is going to send the request to Google. Google isgoing to respond to that VPN server. It's going to be encrypted andsent back to you.
[01:13:43] So what's the problem with that? There's multipleproblems. One is the data center can see. That there is the requestgoing up to Google. Now he might not be able to tell who it was.But if that VPN server has been hacked. And let me tell you, it isa big target for hackers, government hackers, as well as badguys.
[01:14:06] Then they do know who went out there and depending onhow it was hacked and how the VPN was set up, they may even be ableto see all of the data that you're sending back and forth. It'scalled a man in the middle of. And some of these VPN services do itby having you install some software on your computer.
[01:14:28] And as part of that installation, they provide youwith a master key that they then use to spoon. The keys for thewebsites. You're going to some, explain that what happens is if youwere to go right now on your web browser, go to Craig peterson.comas an example. So Craig peterson.com. I'm typing it in right now inthe browser.
[01:14:55] That's directly in front of me. Now you'll see alittle lock up in the URL. What does that mean? If you click onthat lock, it says something about the connection being secure. Areyou familiar with that? What's actually happening is it's using SSLTLS keys, but it's using encryption now to send the data from yourcomputer.
[01:15:24] To my server, that's hosting Craig peterson.com. Andthen my server is sending all of the webpage back to you.Encrypted. Any fact, a VPN has been established between your webbrowser and my web server. So why use a third-party VB? Becauseyour data is encrypted already, right? Could it be more simple thanthat?
[01:15:59] Now, remember again, that the server on the VPMservice that you're using is a prime attack target for everybodyelse. As I said from government agencies through hackers. So yourdata is likely less safe because if they get a hold of it, they cando all kinds of things to your data and to. And then on top of it,all the VPN service may well be selling your data in order to makemoney, to support the VPN service because free VPNs, inexpensiveVPN sees the ones that are charging you five or 10 bucks a monthcannot possibly afford to provide you with that service.
[01:16:51] And in the bootcamp, I go through all of the numbershere, the costs involved. With a VPN service it's not possible todo. They can't make any money off of it. So it is a very bigproblem for you to use one of these public VPN services. Now, Iwant to talk about an arc article that was on Z.
[01:17:19] Apparently your old pole, which is of course thepolice over there in the European nations has seized servers. Whatservers, VPN servers in Europe. Now they seized the servers becausethey were used by who was it? Grandma looking at pictures of thegrandkids. Was it people watching cat videos who was using the VPNserver?
[01:17:45] The paid VPN service. Wow. It was criminals. And whenthey seized these VPN servers that were also being used bycriminals, they found more than a hundred businesses that hadfallen victims to attacks. So who uses VPN services? People whowant to hide something as well as people who just want to havetheir data secure.
[01:18:14] Another reason not to use VPN services. So as a partof the joint action by Europol Germany's police Hanover policedepartment, the FBI, UK national crime agency, and others seized 15servers used by VPN lab dot. Okay. So VPN lab.net net, obviously nolonger usable. And they started looking at all of the records thatwere being kept in these servers and use that to find thecriminal.
[01:18:48] Does that make sense to you? So VPN lab.net wasaccording to these charges, facilitating illicit activities, suchas malware distribution. Other cases showed the services use insetting up infrastructure and communications behind ransomwarecampaigns, as well as the actual deployment of ransomware. You likethat.
[01:19:12] Now they were using open VPN technology, which isactually very good. As part of that VPN information, I can send youif you're interested, just email me M e@craigpeterson.com. Let meknow what you're interested in, and I'll whoop you off an email.Give me a few days I can get behind sometimes, but you can set upyour own private VPN server if that's what you want to do.
[01:19:38] And I've gotten instructions on how to do that inthat little special report in that email, but They were providingwhat they called online anonymity, this VPN lab.net service for aslittle as $60 a year. Okay. You like that? So they provided whatthey call double VPN servers and a lot of different countries andmade it a popular choice for cyber criminals.
[01:20:04] Very big deal. Okay. So be very careful with VPNs.Also be careful of the VPN you might be using for your business.Let's say you've got something that isn't terribly secure or notsecure at all as your firewall, right? So you buy a nice littlefirewall or this is so great. It's not expensive. And I got itonline from a big box retailer.
[01:20:27] Most of them out there do not meet. The minimumstandards you really need in order to keep your business. Andthere's only two companies that do one of them, Cisco, and one ofthem's Juniper, that's it? None of the other firewalls with VPNsmeet the minimal standards you need to have, but those be glad tosell it to you.
[01:20:49] They'll be glad to tell you that it's perfectlysecure, but it is not okay. Just went through that again with acompany this week an engineering firm and at least they understandsome of the stuff, but they were trying to do the right thing andthey were being misled by these various vendors. So this actionagainst VPN lab took place in January involved with authoritiesfrom Germany.
[01:21:15] The Netherlands Canada, Czech Republic, France,Hungary, Latvia, Ukraine, us UK, as well as your old pole. So thereyou go. You've gotta be careful don't trust VPNs, right? I've beensaying that for a very long time. And then the other thing I wantto. Is hopefully this summer we're going to be traveling.
[01:21:40] And when you're traveling, the temptation is to usepublic wifi might be at the hotel. It might be at a restaurantcoffee shop, whatever. Okay. I admit to doing that myself. Buthere's two things you need to be careful with. One use, good DNSfiltering. Now we sell and provide umbrella, which is a Ciscoproduct, which is extremely good.
[01:22:08] DNS filtering. You can get free DNS filtering thatisn't configurable, doesn't have the options, but is fantasticcalled open DNS. I've got, again, I did a bootcamp on that. I cansend you information on it if you want. It doesn't cost you a dimefor any of this stuff, but open DNS. And then the other thing I do,I have a high-end Cisco firewall and VPN.
[01:22:34] So when I'm on the road, even when I'm using datafrom the phone company, I have my secure VPN turned on FIPscompliant, by the way, for those who know what that means. Hey,visit me online. Craig peterson.com. Get my show notes. Get myWednesday, wisdoms everything. Craig peterson.com. It's easy tosign up right there on any page.
