What's With Those Strange Texts We've Been Getting?
- Hackers Using Deepfakes to Get Jobs
- Autonomous Taxis Block Intersection
- This New Law May Make Your Medical Care Cheaper and Better
- Even the NSA is Being Spied On
- Do You Use the Best Search Engine?
What's the deal with those weird, wrong number texts? This is kind of a really big deal, frankly, when we get right down to it, because we are getting scammed. There's even a special name for these types of scams, and I don't even know where to start with this, cuz it's absolutely crazy.
[Following is an Automated Transcript]
[00:00:18] This is a follow-on to a scam. Again, if you've been on the internet for a while, you're familiar with the Nigerian scam. You remember that? Where there was a Nigerian prince. And of course there's a lot of variations of this scam, but he needed to get his money out of Nigeria. And the only way he could really do that is by using a US bank account.
[00:00:43] And, you know, if you had a US bank account, you could really help him. And sure enough people would respond because he said, Hey, listen, I I've gotta wire some money out in order to gain access to it. And you can keep some of that money. And that amount kind of varied. And most of us kinda looked at that and with, uh, kind of crossed eyes and said, what the heck?
[00:01:08] How could this possibly work with anybody? The grammar was so bad. So much of it was just so out of reality, frankly. And really, here's the bottom line. It worked because it was poorly written. People kind of expected, oh my, this is a foreigner, right? You wouldn't expect someone that doesn't speak English as kind of their native language to be able to write really, really well.
[00:01:36] And then when it comes to the whole concept behind it, again, they were looking for people who were kind of on the gullible side that weren't thinking it through all of the way. Well, we're at that spot again, and this is now using text messages and WhatsApp. And it's, it's been a pain, right? Uh it's it's annoying.
[00:01:59] So what are they doing and why are they doing it? Well, they're going after you and me in this case, this isn't, uh, let's get tens of millions of dollars from this huge company. It's what can we get from the little. Quite literally, and you know, maybe some small businesses, because those are the people that are most likely to make some mistakes here.
[00:02:24] So what they're doing is sending a text message, trying to get you to engage. So it, it might be a text message. Hey, uh, remember me? Right? There's an example. And, uh, you know, this is so, and so's, uh, doctor's office and checking up on your appointment. I'm looking right now at my, uh, at my WhatsApp list here.
[00:02:52] I'm I'm not a WhatsApp fan, if you want some private communications use signal, but we use it for one of my masterminds. So here you go. This is, uh, Picture of a very pretty young lady and it says, hello, how are you today? Jason? Long time. No, see how's your family that came to me. Right? Course my name's not Jason.
[00:03:13] I know that you know that, but apparently whoever this is, doesn't know that. Here's another one. Uh, even prettier girl, uh, Dr. David, my puppy moves very slowly and doesn't eat dog food. Can you make an appointment for me? So here we go. That was from, uh, area code 901 as though that's legitimate. Here's another one: you are invited to join the Bitcoin discussion group.
[00:03:39] Reply with the number one click to join another one. Oh, the same message. Different, different, uh, place. Here's another one. Are you Kevin? these, these are all coming into my WhatsApp and I I've been getting some similar ones on my phone, regular one here's one, it says, hello. And I said, hi there. And he said, hello.
[00:04:06] International one, there it's, uh, going on and on and on. And there's a great article from Substack that I shared this last week. If you have my insider newsletter, you have a link to this article and you can see some of the text messages in there. Now, this is from Max Reed. Hi Tony. Remember me? It's been a long time since our last charity gala ended.
[00:04:30] Mr. Wine, sorry for the traffic jam on the road. I may be 10 minutes late. Jason, my aunt tomorrow, I go to the airport to pick you up. You can tell me notes and flights. I have not been able to contact your phone. Uh, Duran, can you tell me how your handmade meatballs are made? It is so delicious. Hello, which is one of the ones I got here.
[00:04:53] And the, and max said, sorry, who is this? Aren't you Kevin? Sorry. I think I added the wrong person. I'm not Kevin. Yeah. You got the wrong number. I usually have a lot of business partners. Maybe the secretary said Kevin's number wrong. I hope you don't mind. No worries at all. I see he was a kind person.
[00:05:10] Acquaintance is fate. Where are you from? You see what happens? They like engaging another one. Hello. Nice to meet you. Who is this? I don't know why I have your number in my address book. Do we know each other? It is my business partner or broad. Who are you? I love traveling. Maybe we met in a certain city.
[00:05:30] Maybe it is a kind of destiny that makes us similar to each other. now you must be a fan of travel. No look at the blue sky and white clouds behind your head. A good day starts in the morning. Good morning. Good evening. The guy sent a few hours later. This is called pig butchering, which is kind of a sad name for this considering the poor victims.
[00:05:57] Um, I had one, I had a call from a radio station down in, not in a television station down in Florida. because one of their newscasters had received a message kind of similar to this. And it was an email and it was sent by someone else in the TV station and it had a phone number embedded in, it said, Hey, you know, text me here.
[00:06:24] We're gonna have a party. I need you to do something for me. So the email came in, looking like it was from the station manager. So, what are you gonna do at that point? Well, so they figured, Hey, listen, uh, I'm gonna ask a station manager. And he said, no, no, I didn't send that email, know what's going on. And I have seen that a lot lately, uh, people who have been faking my email address.
[00:06:49] They use a reply to header in the email in order to kind of fake that it's me. And so they called me up and said, Hey, Craig, uh, we're having an issue down here at the TV station. And could you help us out a little bit? And maybe we can do a story about it, which they ended up doing a story. So I started talking to this person and I used a throwaway phone number on my part.
[00:07:18] So I wouldn't just get. Hassled all the time. So off we go and I respond and their English again was pretty poor, but they said, Hey, listen, we wanna have a party. And I want to get gifts to everybody. And I said, okay, so what's what you want. They said, oh, I I'm thinking what we'll do is we'll get gift cards for everybody.
[00:07:39] So we went through, there was probably two dozen different messages back and forth, and it was pretty obvious that I was messing with them. If. Spoke English I guess, or spoke it. Well, I don't know how much to script these guys are running off of, but they wanted me. To go down to the late, the nearest drug store and buy a couple of dozen $50 gift cards.
[00:08:05] And the idea was, we'll give those out to the other people in the TV station here as we have a little party. And I, you know, I thought, well, okay, where are these guys going with this? Because, uh, that's weird. So they kept asking if I had picked up the gift card yet and I kept making up excuses. Oh no, I had a hot story.
[00:08:22] Come in. You know, we, we got this thing tonight. We gotta make sure it's on the six o'clock news and we kept going back and forth with them. And I finally said, okay, so I'm, I'm heading on out now, um, to buy them. And then, then what do you want me to do with them? And I said, okay, well, take a picture of the front of the cards, each one of the cards.
[00:08:43] And then on the back, scrape off the number. And take a picture of that as well. So you could immediately see where they're going, right? Yeah. This isn't for any sort of a party. They're not giving them away. They want these gift card numbers so they can use them and cash them in. It, it, to me, it was just amazing that they were doing this.
[00:09:02] It was so obvious. We kept. Playing with them there. There's another one called the romance scam, which is another one that, uh, kind of follows along the same lines it's got. So in this case, what they do is try and romance you, and it could be a lot of, uh, older people, right? They're lonely nowadays, a lot of younger people, a lot of divorces going on.
[00:09:26] So they kind of romance you and it, it can take weeks or months, and then they hit you up that a family member of theirs. Corps or something else has to happen. Hey, I'd love to fly to the United States and meet you, but I just don't have the money. And then ultimately you offer to help a bit and send them a few grand so they can come to the us and you guys can meet.
[00:09:50] And won't it be wonderful or yeah, you wire them the $20,000 for the operation. For their relative, which of course, none of which is really happening. None of it's true. Now this is called Shajuan or pig butcher, and it has been a very big deal in China because they string the victim along for weeks, for months before the swindle actually takes place.
[00:10:19] So the idea behind the pig butchering is that you, the pig, are being fattened for slaughter. Isn't that just something. So most of the time it ends with people depositing money into gold trading, forex, right? Uh, fake cryptocurrency platforms, kinda like the one I was reading earlier with the cryptocurrency stuff and the common enough in and around China that there's Chinese language YouTubers whose stock in trade is identifying and publicizing.
[00:10:58] The scam. So be very, very careful about this stuff. Look at the newsletter I sent out on Tuesday morning, this week, follow up a little bit, read this article from Substack and be smart about responding or better yet not responding to these scams.
[00:11:16] It's hard enough to get a job nowadays, even with all of the supposedly open jobs and there's reasons for that, we should discuss it at some point. But right now the FBI is saying that bad guys are using deep fakes to apply for jobs.
[00:11:33] Hey, and thanks for all of your notes guys. FBI. This is quite the little article, this particular one's on Gizmodo. Again, it was in my insider show notes that you should have received Tuesday morning.
[00:11:47] This is a free service of the Craig Peterson show, and it does keep you up to date. It's all the show notes I send off to the radio stations and I use for my radio show on the weekend and you can get them right email@example.com. Just sign. There, and I'll be glad to send them to you. What's happening here is I think very clever.
[00:12:14] Now I've used deep fakes before you've heard me play them here on the radio where I have somebody's voice. And I, I use it in order to, uh, you know, either myself as my voice or it's somebody else. Here's an example. Just so you know, this isn't really me. This is a deep fake that I generated using a special software program.
[00:12:38] So I didn't spend any time editing that, you know, I could fix the tempo, obviously that deep, fake speaks more quickly than I typically do. I used to speak pretty fast like that, but I've slowed down and it is easy to do that. Just took me less than a minute to put. All together that that's how bad it's gotten or, or good it's gotten here.
[00:13:02] Here's another one you've reached the voicemail for Craig Peterson. He's on the road or out of the office right now. So please leave a message and I'll be sure to pass it along. Now that's actually my voicemail. If, if I don't answer the phone or I can't answer the phone and that's not a real person that that's even better than the deep fake of my voice, which I, you know, I had to feed it some audio in order to train it.
[00:13:27] And I had done that a long time ago, but that's just a stock voice that is not a real person. And I can have her say whatever I want. And there are sites out there that'll have, uh, a hundred or more of these. Deep fake voices that you can use. Male voices, female voices, et cetera. So what the FBI is warning about right now is that people are applying for IT positions that are bad guys.
[00:13:58] Real bad guys, like North Korea type bad guys. So the, in in fact I saw an article that said, uh, good luck hiring that new IT guy. It might just be somebody from North Korea. So you're used to asking them questions, right? What's your worst quality. Tell me about a problem that you resolved at. Or probably you had with a, a coworker and you know, it's a little bit of a problem here because if you are talking to somebody on nowadays, a lot of people use Zoom.
[00:14:31] I try not to. I use WebEx, we have a secure version of WebEx. Uh, we could go into this. I, I talked about it before, how Zoom was being routed through China. But I, if the prospective hire kind of sneezes or coughs and doesn't move their lips, or they are not responding the way you'd think they should be responding, it could really be that they're actually not.
[00:14:58] Real. And we've seen stuff like this before. Have you ever seen the movie Simone and it's a simulated woman who was an actress? I, I think we're heading towards that by the way where ultimately the actors and actresses on movies that we watch are just pretty generic. People who are using a face that is owned and copyright copyrighted by the movie studio.
[00:15:25] I, I don't have any doubt about that. That'll be coming at sometime fairly soon right now, but the FBI put up on its Internet Crime Complaint Center, just this last week that it's received complaints of people using stolen information and deep faked video and voice to apply for remote. Tech jobs.
[00:15:49] Now that's a pretty big thing to have to say, uh, when you get right down to it here, according to the FBI's announcement, and this is from an article in Gizmodo. More companies have been reporting people, applying to jobs, using video images or recordings that are manipulated to look and sound like somebody else.
[00:16:11] These fakers are also using personal identifiable information from other people. In other words, stolen identities to apply for jobs at IT, programming, database and software firms. Now many of these companies have access to sensitive information, things like customer data that can be used so they can steal your customers, some of your intellectual property.
[00:16:41] it goes on and on. Just think about what they could steal from you. Of course, even cash, frankly. So I it's really not clear how many of these fake attempts at getting a job were successful versus how many were caught and reported. You never really know. Um, But, you know, how far did they get that? They start taking paychecks, et cetera.
[00:17:04] It's uh, it's a fascinating problem. So what do you do? Uh, the FBI's among several federal agencies. That's warning now of. People working for North Korean government who are applying for these remote positions. So be very, very careful about that. And it's not as easy to detect a fake videos as you might think.
[00:17:28] And that's particularly true if you're not looking for it. Artificial intelligence that is designed. To detect fake video. These deep fakes has accuracy from 30 to 97%. They have set up AI that compete with each other. One makes deep fakes. The other one tries to determine if it's a deep, fake or not, and they get better and better and better both sides over time.
[00:17:56] But there's ways that you can detect the fake video. And there are some visual glitches that you can keep an eye out for, like shadows that don't behave like. They should skin texture. That doesn't seem right the hair. Right. You might have noticed that in movies before, it's a kind of a, a, a glitch, if you will.
[00:18:18] Uh, water is a big one, but you're not gonna see that in a, an interview for someone looking for a job, but just like any other. Crime. If you see something like this online, if you are scammed and I'm helping a, a young lady, actually, a couple of different people right now that I think of it. Uh, who are in the process right now of trying to recover
[00:18:44] monies that were stolen from them. And one of them is actual cash that was stolen. The other one was cryptocurrency that was stolen. And the first thing you should do is go online, which is ic3.gov, ic3.gov. And this is the Internet Crime Complaint Center. And you can file right there. If you think you've been a victim of an internet crime, you can also file on behalf of someone else you think has been a victim.
[00:19:19] And it has a lot of information that's asking from you. It has a whole form online they're they. The name of the victim address, telephone number, email, of course, financial transaction information, et cetera. The reality of it is they are very unlikely to do much about your individual case. If it's over a hundred thousand dollars involved, then they'll probably pay a little bit of attention to it.
[00:19:48] What they'll do is try and see if there's other people that have. Conor had stuff stolen from them in much the same way so that they then use that in order to put together a bit of a bigger case. But there are so many, so many of these things out there. Uh, but anyways, that's the way you want to go. Is ic3.gov.
[00:20:16] Keep that in mind because, uh, right now half of us are likely to become victims this year. That's how bad it's gotten. Make sure you get my weekly newsletter. My insider show notes. The free newsletter has so much great information to help you out. Craig peterson.com. And if you have a question or there's something you'd like me to talk about on the show, email me.
[00:20:44] I'm sure you know about Tesla and their automated systems for driving assist. Right? Well, cruise Chevy cruises are out there on the roads in San Francisco. And have we got a story for you?
[00:21:00] If you have any questions, drop me an email. firstname.lastname@example.org. We have in some states seen a lot of active autonomous vehicles.
[00:21:14] I'm sure you heard about the accident that happened out in New Mexico and a lady with a bicycle was hit and killed a. By one of these autonomous vehicles that are being tested. Yes, they are out on the road and it is really in limited cities and states. No question about that one, as they try and figure out how can they make these things be reliable?
[00:21:39] Cause that's ultimately what we want here. When I'm in my eighties, I would love to have an autonomous vehicle to chauffeur me around. Heck, I'd love it when I'm in my twenties. Right. Uh, it just makes a whole lot. Sense, but that technology is not here yet. It's kinda like all of these government programs that are trying to make our electric vehicles, et cetera, be the wave of the future, which is true.
[00:22:05] They probably will be, but we're talking, uh, I'm really not in my lifetime. If not in any of our lifetimes, this will take decades to get this all done. We gotta build a whole new grid. We've gotta make sure we have reliable sources of electricity. And that might mean we need new battery technology. What some companies have been doing is for instance, out in Las Vegas.
[00:22:30] It's cheaper to get electricity at night, which makes sense because you and I are asleep and businesses for the most part, industrial and otherwise are, are shut down. So here we are at nighttime having a good nap. So what do some of the, uh, casinos other places in Vegas, or are there hot areas around the country?
[00:22:50] Do well, some of them have installed a massive. Pool of water with chillers in it. So at nighttime, they go ahead and freeze all of that water. And then in the daytime, they use that ice in order to cool the air. So they're saving money. It's it's one way of storing energy. Another way that we've seen around the world is they use a.
[00:23:18] Now, you know about that, you know, you've got the water pressure and it drives a turbine that then drives a generator, an alternator, and then that produces electricity. Well at nighttime, they run them in reverse. What they're doing is they take water and they pump it up into the reservoir when the electricity is cheap or the demand isn't as high.
[00:23:43] And then during the daytime, when the demand goes up, they reverse that process. And the water now behind the dam just goes through the normal method of creating electricity behind a dam. So that's another way to store. Electricity or to store power. Neither one of those ways is particularly efficient, but it is efficient enough that it's cheaper than having to buy a peak demand, electricity.
[00:24:13] So we could talk about this for a long, long time, but we're talking right now about this Cruise system failure. There were, what was it like four or five cars? I'm looking at an, a, uh, article that was in my weekly insider show notes on Tuesday morning that you can get for email@example.com. Just sign up right there.
[00:24:39] And this one is from the last driver license holder. Dot com kind of a cool name for somebody that follows these autonomous vehicles and these vehicles are all quite amazing cuz they're using the right technology, frankly. I'm not convinced that Elon Musk and Tesla are using the right technology. They are from a cost standpoint, right?
[00:25:04] It's way cheaper to have some cameras and have a couple of high speed computers on board. But it is not as effective as what's happening here, where they're using LIDAR, which is a laser radar, as well as in some cases using radar, they all have cameras on them. You should see the setup on the top of these cars.
[00:25:26] It it's probably 50 grand plus worth of sensors. On the car. So you're more than doubling the, the value, the cost of the car. So Cruise had a system failure and it is a problem. Now we've been saying Chevy Cruz. I'm looking at it right now. I don't know that it's the same guys. I'm thinking this is not Chevy.
[00:25:51] This is a different company. Okay. Sorry about that. But, uh, there's, there's two vehicles in this family. There's the poppy. And, and, uh, there is another one out there. I'm trying to remember what they called this thing. Uh, let me see if I can find out on the website anyways. A couple of cute names. Oh yeah.
[00:26:11] Poppy and the toda. And they've got others that are ready to roll that are ready to be out there on the streets. okay. There's another one called burrito. So they're out on the streets. They are driving themselves in the they're cabs. There's in fact, uh, lots of them on the streets in San Francisco and a dozen of them just over a dozen robot.
[00:26:36] Cabs that blocked an intersection in San Francisco for two hours before Cruise employees were then able to arrive and drive them away manually or remotely in some cases. Uh, so Cruise gave this rather vague information or press release. They said we had an issue earlier this week that caused some of our vehicles to cluster together while it was resolved and, and no passengers were impacted.
[00:27:06] We apologize to anyone who is inconvenienced, to anybody trying to get through the intersection. However, in further reports, it's clear, this is not the first time it's happened, nor is this type of behavior by vehicles. Something that's completely unknown. We saw one a couple of weeks ago or a couple of months now actually.
[00:27:28] That I, uh, talked about on the radio, where there was one of these autonomous vehicles, the police were trying to pull it over. It finally decided to pull over in an area, uh, right at the side of the road and the police car, I guess the car was expecting the police car to just pass it. Right. It was trying to get somewhere it wasn't trying to pull me over.
[00:27:51] And so they, it stopped. The police officer did not pass the car. It got right behind it and got, he got out of the car and walked up and looked in. There's no driver. And then all of a sudden the car took off on him again. And then the car was apparently looking for a safe spot by the side of the road. So it drove up the road a little bit.
[00:28:14] To where there was a, a, a nice kind of pull off area and it pulled over and stopped. Now the same type of thing happened here that on the display were the following sentences on. So you looked in the window, these people were looking in the window of these cabs that were pull, blocking this intersection over a dozen of them in San Francisco, and just said, pulling over to a safe stop.
[00:28:40] And then it also said something happened on your trip. A support specialist will explain what to do next. And of course it just didn't show up. There's also a telephone number for emergency responders to call in order to help rectify the situation and the number then also states the self-driving mode has been switched off and I'm, I'm looking at it right now.
[00:29:03] It's got kind of a. Grid and these messages on it, first responders should contact Cruise at, and it gives a toll free phone number. And it says a Cruise support specialist is on the way to help in person. And as it turns out they were, but it took a couple hours for them to show up. And it says we parked the car while the issue is resolved.
[00:29:24] So in other words, the cars got kind of confused, trying to figure out what to do. They were at a, an intersection and I don't know if they lost connection to the internet or what, but having a dozen of them failed at the same time makes me think that it was something outside of the cars that made this, uh, happen, frankly.
[00:29:43] So expect this to happen more and more. I'm glad it's happening in San Francisco and not in my hometown, frankly, but there've been cases where the primary and backup services have been down. So there's no way to communicate with the vehicles, get any information. It. Specifically and directly violates the terms granted by the DMV.
[00:30:07] Interesting stuff stick around will be right back a lot more to talk about here, about health insurers and a new law.
[00:30:19] The internet promised us a whole bunch of transparency information access. While as of July 1st health insurers and self-insured employers are now required to do something that should have been around a while.
[00:30:36] This is a moment that is going to be remembered by a lot of people, particularly in the medical healthcare business.
[00:30:45] I've been just shocked sometimes at how much. We get charged for some things. I'm also just amazed at what great medical care we have here. My family, most of them live in Canada and I have horror stories from pretty much every member of my family in Canada, about how terrible socialized medicine in Canada is.
[00:31:13] I mean, Terrible. Now you might know that I was a volunteer EMT. I D P uh, you know, basically a paramedic for about 10 years in my hometown. And we took care of a lot of people. I was, as I said, volunteer, it wasn't a call department. We didn't get paid a dime. We had to provide our own equipment and transportation, everything else.
[00:31:37] Right. So true volunteers. And I got to see some interesting sides of medical care here in the us. And as I kind of an exchange program, got to see some of it in Canada, as well as talking with people and the, the horror stories I can tell you about my family is just incredible. My, my brother was using a table saw and the wood kicked back and ripped off one of his fingers.
[00:32:09] This is in Toronto Brampton to be exact, just one of Toronto's many suburbs. And so here comes the ambulance and he sat in the back of the ambulance. They were driving from hospital to hospital. They couldn't even reach the hospitals beforehand to find out who might take him. And he was holding his severed finger in his hand for three hours, driving around in the back of the hospital before they could find somebody to re a hospital to reattach his finger or do something right.
[00:32:44] He actually says he wishes they hadn't reattached him. You, you wouldn't believe what they did to him and, and his finger. Uh, my father had a heart attack. Right there, Toronto, right? The biggest city in the country. And, uh, he has a heart attack and he's driving around for hours in the back of an ambulance before anybody will bother to have a look at someone who is in the midst of a heart attack.
[00:33:11] Now we're, we're lucky he didn't die. My grandmother, they would not give her medication for her atrial fibrillation. My grandfather. They had called and told his doctor, my mother did this when she was visiting him, that his foot was, uh, looking really bad and she was worried it would get gangrenous. So they set up, uh, an appointment six months out.
[00:33:36] She said, no, no, no, no, no. No, it it's go it's gangrenous. Uh, you know, pretty soon here we gotta do something. So since it was an emergency, they, you know, they set it up for six weeks out and he ended up having to have his whole foot amputated. Um, so don't ask me about socialized medicine, unless you want to hear even more.
[00:33:54] Horror stories it's really, really bad. And just like, uh, schools, public schools in most states costing somewhere around $12,000 a year per student, and yet private education costs a fraction of that, like less than half in almost every case. Uh, You know, which is, which would you rather do send your kid to a private school that, uh, you know, education's probably better.
[00:34:22] I don't know. It's cheaper, so it's probably not as good as public school education. He said with his tongue firmly planted in his cheek, or do you wanna send him to the public schools? Anytime you get government involved or any big organization efficiencies start dropping, but particularly with government cuz they don't have competition and they will point guns at you.
[00:34:47] If you don't do what you're told ultimately right. As you get arrested. So, uh, what's happening here I think is a plus a very, very big plus I am a member of a health share. And so what we do is instead of having health insurance, we help each other pay our medical bills. So one of the things we're supposed to do when we go in there is ask for a self pay discount.
[00:35:16] So, this is a kind of an interesting thing, because what I have found is that the self paid discount shaves off. Typically at least 50% of the cost. If you look at what Medicare will reimburse hospitals, For, or doctor's offices again, it's a fractious way, less than half of what they want to bill you for.
[00:35:40] So they, the hospitals in other places will take people who don't have insurance and you can charge, uh, it'll charge you a whole lot less. It's kind of the bottom line here. So what does that mean to you and me, if you can tell in advance. What the costs might be. And I'm firstname.lastname@example.org.
[00:36:08] And they're talking about one of these people who needed to have some, uh, medical care here in x-ray. And you saying that you can see that you can do it for 250 at the hospital, but if you go to the imaging center down the road, it's 75 bucks. or a specialist might be able to do it in their office for 25 bucks.
[00:36:32] What a difference, say a 10th of the cost and that is not abnormal. So what this law is now requiring. As of July 1st is that health insurers and self-insured employers must post on websites pretty much any price they've negotiated with providers for healthcare services item. By item. But the only things that are excluded from these price lists are prescription drugs, except for those that are administered in the hospitals or doctors' offices.
[00:37:09] So this is now federally required data release, and I think it is going to affect future prices because even if you have health, Insurance looking at these numbers is going to ultimately save you money because your monthly health insurance premium could be less. If the health insurance company isn't having to pay as much for all of this stuff, right.
[00:37:32] You, you see how that works. So it's to everyone's advantage. And when you start doing the math. you're talking about trillions of records that are gonna be published. Every physician in network, every hospital, every surgery center, every nursing facility, and every last charge that they have, this is gonna take a little bit of time.
[00:37:57] Isn't it? And the federal government is going to be imposing penalties for non-compliance. And they are going to be higher than penalties that many hospitals are facing. If you are a small provider, uh, basically insurers, self-insured employers could be fined as much as a hundred dollars a day for each violation.
[00:38:23] So let's say you have hundreds of procedures that you could potentially do a hundred dollars a day for each one of those procedures that's not listed or properly priced. Yeah, this could be millions of dollars, very fast for individual organizations, you know, per usual, right. Government is, is just power and they don't consider everything.
[00:38:46] They well, we had a hearing on, well, really you think everybody can attend a hearing that might be affected by this it's it's anyways, I'm not gonna get into that anymore. Right? It's not one of those days. Um, but these databases are gonna be enormous. Most people are gonna find it very hard to use the data in ways that are really going to help them or affect them.
[00:39:09] At least at first here, ultimately I think it's going to be something that we can use certainly is gonna be something that these, uh, PPOs and HMOs are going to be using to figure out where you should go in order to get. Something done or to buy something. And the biggest value of this July data release may well be to shed light on how the different insurers are able to negotiate prices with their providers.
[00:39:46] No. That's interesting. This article on khn.org is saying that a recent study by the RAND Corporation shows that employers that offer job based insurance plans paid on average. I hope you're sitting down here. Okay. This is employers. What do they pay? 224% more than Medicare for the same services.
[00:40:10] Fascinating. Isn't it. Tens of thousands of employers who buy insurance coverage for their workers will get this more complete pricing picture, which I think is really good. There's a whole lot of information here. If you want to find out more about it, just look at this week's newsletter, the insider actually show notes.
[00:40:29] I've got a link to this article. There is a lot of detail here. If you are a medical provider of any sort, if you work in a doctor's office, you are going to want to make sure you peruse this. I know most people I've spoken to in the medical business just aren't even aware of this yet. Although I think a lot of the hospital to the bigger organizations are aware of it, but.
[00:40:53] This is, uh, this is gonna be interesting. Uh, the people ultimately you make your medical choices based on money, or maybe it's based on who the doctor is and the bedside manner, and maybe the manner of their staffs. There's a lot of reasons other than price that people choose different medical providers.
[00:41:17] And, uh, and this is going be interesting. So check it out again as in my newsletter this week, uh, khn.org. Great little thing. Uh, there's also a problem right now with attacks on routers. This is really bad. It's called ZuoRAT. It's a remote access Trojan and it's probably a sophisticated nation state, and it's very, very bad.
[00:41:47] It, it is affecting these routers, these cheaper ones: Netgear, ASUS, there's cheaper Cisco ones, uh, DrayTek, many others. But what they do is they take over that router, the edge of your network, and then the malware takes full control of connected devices running Windows, macOS and Linux, according to researchers, just within the last couple of weeks. High level of sophistication.
[00:42:18] Hey, make sure you get that insider show notes that I mentioned here a few times today, CraigPeterson.org, or com, I should say, CraigPeterson.com. And also if you have any questions, just email me, me at CraigPeterson.com. And I will try and get back with you. Take care.
[00:42:39] You're worried about surveillance. Hey, I'm worried about surveillance and it turns out that there's a secretive company out there that to prove their mustard hacked the NSA yeah. Fun thing.
[00:42:56] This is a company that is kind of scary. We've talked before about a couple of these scary guys.
[00:43:03] There's this Israeli company called NSO Group. And this NSO Group is absolutely incredible. What they've been doing, who they'll sell to. These guys are a company that sells cell phone, smartphone exploits to its customers, and they're alleged to have sold their software to a variety of human rights abusers.
[00:43:34] We're talking about NSO Group coming up with what we would term kind of a zero day hack against iPhones, against Android phones, against pretty much anything out there. So in other words, a hack that no one's ever seen before, and then use that in order to get into the phone and find information. They've used things like the, I think it was WhatsApp and video that was sent and used that.
[00:44:03] To hack Saudi Arabian phones. You might remember Khashoggi, this, uh, so-called journalist, I guess he kind of was, who apparently was murdered by them. Right. Big, big problem. So this Israeli group. Yeah. Yeah. They sell to anybody that's willing to pay. At least that's what the allegations are. I've never tried to buy their stuff, but yeah, they're assisting government with hacks with.
[00:44:32] Ultimate in surveillance. Another one: Clearview. We've talked about them on the show before. This is a company that has done all kinds of illegal stuff. Now, some of it's, uh, technically not illegal. They're against the terms of usage, what Clearview has done. And now they've gotten involved in this Russian Ukrainian.
[00:44:56] War that's been going on here. They've gotten involved with a number of legal cases in the US. What they did is they said, okay, well, great. Let's do something. Well, you remember Facebook, right guys. You've heard of that before. And how Facebook got started. Mark Zuckerberg. Mark, uh, went ahead and stole the pictures of the women that were in Harvard's catalog.
[00:45:26] Right now when I say catalog, okay, this isn't like a catalog of women, you know, order one, mail order type thing. We're talking about their index, their contacts, right. There is a catalog of all of the students that are there in the school. So Zuckerberg goes and grabs those against policy. Okay. Maybe it wasn't strictly against policy at the time.
[00:45:48] And then he puts up something. Called the Facebook where people can look at a picture of a girl and decide whether or not she should get a five or a 10 or a one. Right? Yeah. That sort of stuff, abusing people that that really is abuse. I, I can't imagine. The way people felt had seen their ratings by people that didn't know them, that somehow their Def definition of beauty really defined who they are.
[00:46:18] It's it's crazy what the stuff he did. Right. So he started his business by stealing stuff. Microsoft started his business by what. Well, by going ahead and misrepresenting, some would say lying to IBM about what he had as far as an operating system goes right. A again and again, and again, we're seeing dishonest people getting involved, doing dishonest things to get their companies off of the ground.
[00:46:44] And I have a friend who's an attorney who says, and Craig, that's why you will never be wealthy because you just wouldn't do any of that. So Clearview is another example of these types of companies. In this case, Clearview went to Facebook and crawled any page it could get its little grubby crawlers on.
[00:47:07] So it found your public fab, Facebook page. It went all. Over the internet. There's a number of websites. Some are outta business now, but that you upload your pictures too. You people can rate them, can share them. You can share them. Hey, you got your own photo gallery here that you can share with friends and a million other people, right.
[00:47:29] That that's what ended up happening. That's how those guys made the money. Right? They're selling you on, Hey, you can look at how convenient this. And you can have your own little, uh, photo gather gallery and you can take that full photo gallery and, uh, share it with your friends. And then if you read the fine print, it's Hey, and we'll make money off of showing your pictures and showing ads.
[00:47:51] Well, Clearview went and scanned every website it could get its grubby little scanners on, crawled through them all, downloaded pictures of any face that it could find. And then went ahead and digitized information about people's face. So it spent years scraping and then it put together its technology, facial recognition technology, and went to the next level, which is, Hey police department, get my app so you can get the Clearview app.
[00:48:31] And you encounter someone, you can take a picture of them and upload it, which now gives them another face. Doesn't it. And then once it's uploaded, it'll compare it and it'll say, okay, found the guy here he is. So with the Russia Ukrainian war, what they were doing is taking pictures of, of dead and injured, Russian soldiers, running them through this database online of all of these faces found out who they were and went so far as to use other.
[00:49:04] Stolen data online. Now this is war, right? The whole thing is crazy, but the stolen database online found out who their mothers were, the phone numbers for the mothers and have people all over the world sending text messages to mom about their dead son. Yeah. Okay. So Clearview sells it to police departments.
[00:49:29] They sell it to, um, pretty much the highest bidder they say, Hey, listen, we don't do that. Come on right now. There's other data brokers. And I've had a few on my show in the past who are using harvested information from phone apps to provide location data. To law enforcement so that they can then circumvent.
[00:49:54] What, what, well, you have a right to privacy. Don't you? It's codified right in the Bill of Rights, those first 10 amendments to the US Constitution. And it was also, uh, defined by the Supreme Court's Carpenter decision. So we have protections in the Constitution, natural rights that were confirmed by the Supreme Court that say, Hey, the federal government, you cannot track all of the citizens.
[00:50:26] You can't track what they're doing. You can't harvest their information. And yet at the same time, They go to the data brokers that have put together all of these face pictures, figured out who your friends are, you know, you know, you sign up for Facebook and it says, Hey, you want me to find your friends?
[00:50:45] See if they're already on Facebook, just, just hit. Yes. Here, not blow your contact list. So up goes. Facebook says, oh, look at all your friends. We found isn't this exciting. And in the meantime, in the background, Facebook is looking at all of this data and saying, ha, we now know who your friends are. And so many people have wondered, well, wait a minute.
[00:51:07] I didn't talk about, um, I, I didn't do a search for product X online, and yet I'm getting ads for product X. Well, did you mention it to a friend who might have done a search for it? Because these search engines, these companies like Facebook know who your friends are, what they're interested in, and they'll sell ads to people who are going to promote to you the same items they're promoting to your friends.
[00:51:33] Right? It it's absolutely crazy. So this company, it's called A6, and they're very, very quiet, very low key. The website doesn't say anything at all, but they took their software that's pulling all of this data together and compiling it, and A6 pointed all of this technology towards the National Security Agency and the CIA and used their own cell phones against them.
[00:52:08] Now, why did they do this? They didn't do it to prove something about how, you know, you shouldn't allow this sort of thing to happen and they didn't do it to prove that man, we gotta have tighter controls because look at what we can do if we can do what other people can do it. No, no, no, no. According to audiovisual presentations and recordings of an A6 presentation reviewed by The Intercept and Tech Inquiry.
[00:52:37] A6 claimed that it can track roughly 3 billion devices in real time. That's equivalent to a fifth of the world population. You're not gonna find anything out about A6. It's called Anomaly Six. Good luck online. If you find it, let me know email@example.com. I'd love to know more about these guys.
[00:53:00] The only thing on a website for them is an email address. And A6, Anomaly Six, in that presentation showed the nation's spooks exactly what A6 knew about. All right. Uh, apparently A6 is also ignoring questions from journalists and will only respond to emails from people in upper levels of federal agencies, which means, and maybe this is a supposition from our friends over at Techdirt.
[00:53:36] I don't know. But there, what that means is they're looking to sell your information in real time to the feds to get around the Carpenter decision and the Constitution. Just absolutely amazing. Hey, go online right now. CraigPeterson.com. I'll send you my special report on passwords and my two other most popular. CraigPeterson.com.
[00:54:03] Stick around.
[00:54:07] Have you ever wondered about search engines? Which ones should you be using? You're not alone. It's probably the number one question I get from people. What should I use? Well, Google is falling behind, but we're gonna talk about the top engines and the whys.
[00:54:25] Google has been an amazing company moving up. Of course, you know, we were just talking about the cheats.
[00:54:33] So many companies have taken over the years and Google has certainly had its share of cheats. I haven't seen anything about them just doing completely underhanded things to get started. I think. They were pretty straightforward. They had a great idea back in the beginning, where they were just looking at links, how many sites linked into this one particular site?
[00:54:59] And that gave this concept of a PageRank. Very simple, very easy to do, of course of problems with that. Because you would end up with pages that are older, having more links to them, et cetera. And they have over the years really improved themselves, but we also have some other problems right now with Google.
[00:55:24] If you do searches on Google for a number of different top. Uh, and you'll, you'll see that really Google search quality has deteriorated in recent years. We've talked before here about some of the problems with Google and elections and how they have obviously gone out of their way to influence elections.
[00:55:47] There's a study down in, done in Orange County, California, or at least about Orange County, California, and an election down there, showed that Google had a major influence on that election and also tilted it a certain way on purpose. Absolutely amazing. So that's one way Google has kind of fallen behind, but you can.
[00:56:10] at all kinds of searches and hope you're gonna get a great response. And you don't. Have you noticed that it's gotten worse? And then on top of it, you're starting to see more ads squeezed in. It is not great. Uh, I have used it, of course, for programming in years past. Before that I liked AltaVista, which was a Digital Equipment Corporation product. AltaVista was pretty darn good.
[00:56:38] And you could use Boolean logic with it. Google says, well, you can use Boolean with us, but it it's not the same. It's Google's is very, very simple. But at any rate they have not made any. Leaps here going forward. It it's been absolutely amazing. So let's go through the search engines. I'm gonna give you right now, the pros and cons to some of these search engines out there.
[00:57:04] So we started with Google. It is the 800 pound gorilla. And in case you didn't know this number two overall search engine is YouTube. Okay. But let let's stick with straight searches, not video searches. So what is great about Google? Well, one of the big things is they like fresh content. So if you're looking to do search engine optimization for your business, you are best off having some Keystone pages.
[00:57:37] So having these pages that are. Kept up to date. So you might have a page on whatever it might be hacking VPNs, right? Uh, and you make sure you update it. Cuz Google does favor the fresh content. They rank blogs and. Services, which is really nice and they're accessible in any device. They have apps. They work well on a browser and I'm I'm right now, I'm firstname.lastname@example.org on the best search engine.
[00:58:08] So you'll see some of this information there. What. They don't like about it is the same thing you don't. Right? Which is, it collects all kinds of data on you. They also have hidden content that, that, uh, might damage your ranking as a business or someone who has a website and the search deliver. Too many results, you know, you see millions of results.
[00:58:37] Well, yeah, there probably are millions of results for a single search, but what I want are the really relevant ones and Google learns over time. What kind of results that you want, which is kudos to them, but they are tone deaf sometimes, frankly as well. Okay. Our number two on our list of top eight is DuckDuckGo.
[00:59:00] Now I've been talking about them for quite a while, and some people have been kind of disparaging DuckDuckGo lately. And the, the reason is they say, well, those search results maybe are a, a little wrong, right? They are, uh, maybe doing a little censoring, not as much as Google does, but some, email@example.com is where you'll find them online named after that kid's game.
[00:59:30] Is a privacy search engine. So it is not tracking or storing any information about you. That's a very big one. Their searches are very fast, but their backed, the actual backend search engine is Bing, which is Microsoft. We're gonna get to that in a couple minutes here. That means that if Microsoft is deciding to do some weighting on search results, based on their political views, then that's gonna show up in DuckDuckGo.
[01:00:03] But it's nowhere near as bad. And I've talked about it on the show before we've done some examples. So it is also now giving you the option to restrict your searches to the last month worth of results, which is really nice. That keeps a little more up to date. They also aren't great at image searches, no personalized results, and it is free, which is nice.
[01:00:27] You might also wanna look at Qwant, Q-W-A-N-T, if you're looking for a private or privacy browser. Qwant is a French company, but it, it does English as well. Okay. English results. They like the older and well-established web pages, they rank home pages. They do not rank blogs. They crawl all kinds of hidden content and non hidden, equally, unlike Google, which is really great.
[01:00:59] Uh, Bing is not great at forums. As I mentioned blogs, they're not as fast as Google. And they have some seriously heavy search result screens. Dogpile: they've been around for quite a while. You might want to check them out. They have something called fetches and favorite fetches. So you can have a home screen when you go to Dogpile and you'll see right there.
[01:01:26] Uh, your favorite searches and they're right there for you. You can just keep going to them. They use multiple databases so they can get broad results, multiple backend search engines, and there's no home screen personalization available with it. And lots of sponsored results, which isn't a real big deal, but you'll find them firstname.lastname@example.org, Google Scholar search.
[01:01:50] I've used this a number of times. If you are looking for scholarly articles, it is really good. You can get citations in various styles. If you are working on your master's, PhD, whatever it be, and they're imposing a style in the document that you're writing, so you can put it into the bibliography. And, uh, they, they got a lot of great stuff.
[01:02:14] Google Scholar you'll find email@example.com. Webopedia search. It focuses on technical terms and applications, which is kind of good, friendly to non-tech users. And it is only searching Webopedia's 10,000 word and phrase database. So that's pretty good to, uh, to understand, too. Yahoo search: they have a home screen, has news, trending topics. I I've used Yahoo, of course is not what it used to be, but it does have everything right there.
[01:02:52] Even your horoscope. And the ads are not marked out clearly. And then there's the internet archive search. This is actually a site that I fund. I, I donate money to them every month and you'll find firstname.lastname@example.org, but it is really, really cool. You can search based on timeframes again, if you are doing papers, if you are a journalist, et C.
[01:03:19] You can find what was the internet like? Or what was this webpage? Like? What was it like around hurricane Katrina in 2005, right there. We'll find it email@example.com. Hey, stick around. We'll be right back.
[01:03:37] You already know that hackers are coming after you we've talked about how they are out there, scraping web pages, putting together stuff. Well, I wanna bring up again, the Ukraine, Russian war and Russia leaking data like a S.
[01:03:54] Hi, if you've ever wondered who I am. I'm Craig Peterson. We met before. I'm your chief information security officer, well, Russia, Russia, Russia. It, it is of course in the news again, it seems like it's been in the news for how long now, six years, maybe longer in this case, we're gonna talk about what the hackers are doing because they're not just doing it to Russia.
[01:04:22] They're doing it to us. And it's a problem. We're gonna explain why. You've heard of doxing before, D-O-X-X-I-N-G, to dox someone, which is basically to find documentation about people and to release it. That that's really a part of it, frankly. So you've seen some political operatives who have gone online and, and doxxed people.
[01:04:50] For instance, uh, one of them is Libs of TikTok. You might have heard of that one, and this is where they take all of these crazy things, that crazy people, uh, on TikTok, go ahead and publish and just put excerpts of them together. They don't like cut it up to make them look crazy. No, no, no. They let them be crazy.
[01:05:12] All all by themselves and put it online. So some libs decided, Hey, we don't like this. And, uh, a so-called journalist who had been complaining about doxing before that shouldn't be done and it's unethical. It should be illegal. Yeah. What does she do? She goes and doxxes the lady that was running Libs of TikTok and I, I, it just, it blows my mind here.
[01:05:44] How can these people be so two faced? They really are just crazy, crazy two-faced. So she went ahead and did what she said should never be done. And I'm sure she had some form of justification for it and put it out online. So, uh, online comes this lady's home address her name. Kinds of stuff and that's available online right now.
[01:06:10] Now you might wanna try and do something that I've done before, which is, if you go to one of these data brokers, you see ads for these things, right? Like a, do a search for yourself with us. And have a look at how accurate that information is. When I looked last time I looked cuz I had a few data brokers on the radio show.
[01:06:32] I would say less than a third of the information that they claimed was information about me was actually accurate less than a third, frankly. And I don't think that's a particularly, what's the word I'm looking for, but. unique situation. Let me put it that way. I don't think it's unique at all. I think they get a lot of it wrong because remember, they're trying to piece together this piece together that and put it all together.
[01:07:03] So you, you can't a hundred percent rely on any of that stuff. And as I said, for me, it wasn't particularly accurate. Well, now let's move into war. Ukraine has claimed to have doxxed Russian troops, as well as FSB spies. You remember them from the Soviet Union, they still exist. Right. And activists actually have official scheduled meetings and are leaking private information from various Russian organizations and Russian people.
[01:07:39] So we're talking about things like their names, birth dates, passport numbers, job titles, and the personal information that they have released about these Russian companies. And people goes on for pages here. It looks like frankly, any data breach, you'll find a great article about this that I'm referring to in wired.com, but this particular data.
[01:08:04] Contains personal information on 1600 Russian troops who served in Bucha, a Ukrainian city that's been attacked by Russia. And by the way, you've probably seen these things. There were all kinds of, uh, accusations here of multiple potential war crimes. What was going on over there? So this data set's not the only one.
[01:08:29] There's another one that. Allegedly contains the names and contact details of 620 Russian spies who are registered to work at the Moscow office of the FSB. That is Russia's main security agency. Now this information wasn't released by hackers in North Korea or hackers in the US or Russia, because we already know Russian hackers.
[01:09:02] Don't attack Russia. They're not stupid. Okay. They don't want Putin coming after them, but this was published by Ukraine's intelligence services. So all of these names, all of these personal details, birthdates passport numbers, job titles, where they're from all kinds of stuff. Uh, freely available online to anyone who cares to look now, Ukrainian officials wrote in a Facebook post that as they published the data that every European should know their names.
[01:09:36] So you've got to bet there are a lot of people kind of freaking out over there. Absolutely, absolutely freaking out, uh, in Russia that is. Since the Russians invaded Ukraine, there have been huge amounts of information about Russia itself, the Russian government's activities and companies in Russia. These are all the oligarchs that are over there and it's all been made public.
[01:10:02] So it's very interesting, cuz these have been closed-off private institutions. In the US, yeah, we do do some hacking of potential adversaries, but they don't release it. All right. Uh, not at all, but there's really two types of data here. First of all, you've got the information that the Russian authorities are publishing.
[01:10:25] Their allies are publishing, and then you've got the activists, these companies, these groups, I should say, like, Anonymous hundreds of gigabytes of files and millions of emails have been made public, including some of the largest companies within Russia. I mean the big guys, oil and gas companies, uh, or lumber companies, et cetera, cetera.
[01:10:51] So there's a former British Colonel in the military intelligence. Wired is quoting here, his name's Philip Ingram. And he said, both sides in this conflict are very good at information operations. The Russians are quite blatant about the lies that they'll tell we're used to that aren't we, and much of the Russian disinformation has been debunked, but they.
[01:11:19] They have to make sure that what they're putting out is credible and they're not caught telling outright lies in a way that would embarrass them or embarrass their international partners. So it it's really quite interesting. We've started seeing the stuff coming out in March 2022, of course. Right.
[01:11:39] And it's hard to tell how accurate the data is. It looks probably pretty accurate. It has been scooped up, as I mentioned on the show before, uh, some activists, one of whom has put together an app that anyone can download and allows you to send texts to the mothers of Russian soldiers, some alive, some dead, and it's automatically translated into Russian.
[01:12:08] I, I assume it's kind of a crude translation, but whatever. Right. So you can. Harass some poor, uh, babushka over there in Russia, whose grandson is out there fighting. This is just incredible. We've never seen anything like any of this before, but doxing very toxic online behavior. And when it comes to war, the gloves are off.
[01:12:34] Right. And by the way, these groups that I mentioned, these hacktivists have official meetings, Tuesday mornings on Telegram, and they talk about who the next target is. Absolutely amazing. Make sure you visit me online. CraigPeterson.com. And don't go anywhere because we've got more coming up here about organizations in general, here in the US breaches are up stolen.
[01:13:03] Data are. And the number of bankruptcies are up because of it.
[01:13:10] Hacks are up now, you know that we've, we've known that for a while, but did you know that that is not necessarily the number one reason businesses are suffering breaches? So we're gonna talk about that right now. What else you have.
[01:13:26] We've talked before about some of the websites that I keep an eye on.
[01:13:31] One of them is called Dark Reading and they've got a lot of good stuff. Some of this stuff I don't really agree with, but you know, who agrees with everybody or another person? Just one, even a hundred percent of the time. Like no one. Okay. So in this case, we're talking organizations suffering a breach. And the stat that they're quoting here is that more than 66, 0% of organizations have suffered a breach in the last 12 months.
[01:14:04] That's huge. And the breaches have gotten more expensive. Global average breach cost is $2.4 million. And if you are unprepared to respond to a compromise, that price tag increases to 3 million. Yeah. That's how bad it is. That's what's going on out there right now. But the point that really they're trying to make here at Dark Reading in this article, by Robert Lemos.
[01:14:36] Is that our organizations are focused too narrowly on external attackers when it's insiders, third parties and stolen assets that cause many breaches. That's what this new study is showing from Forrester Research. Now I've had them on the show a few times in the past, you might be familiar with them. They are a research company.
[01:15:02] That charges a lot for very little information, but you know, they've, they've got the research to back it up, right. They're, they're really one of the leading, if not the leading research company out there. So last month they came out with the 2021 State of Enterprise Breaches report. And they found that the number of breaches and the cost of breaches varied widely, depending on where the organization is based.
[01:15:33] And. The big one that you have control over is whether they were prepared to respond to breaches. Now, companies in North America had the largest disparity between the haves and have nots. Listen to these numbers. They're bad for businesses, these numbers, and they're worse for individuals. The average organization required 38 days.
[01:16:00] 38 days over a month on average to find eradicate and recover from a breach, but companies that were not prepared for security challenges took 62 days. Now the good news here is that this is down. It used to take nine months on average, and now we're down to two months, but here's the big question for you.
[01:16:30] Can you, or can a company survive 62 days or is it gonna be out of business? Right? Do you have enough money to make payroll for the next two months? That's where the problem. Really starts to come in. That's why small businesses that are hacked small businesses that are using things like Norton or some of the other real basic software without having a, a good firewall and, and good security practices.
[01:17:02] Uh, and same thing with individuals here. Uh, you are going to be out of business odds. Right. That's what they're showing right now. And your insurance policy that you have for cybersecurity insurance will not pay out. I did a presentation for an insurance industry group. Uh, this was in Massachusetts and it was a statewide group.
[01:17:29] And we talked about how. Are not paying out the companies. Aren't right. And why, and if, if you are not prepared, if you are not doing the right things and I can send you a list of what you need to be doing, if you'd like, just email firstname.lastname@example.org. Be glad to send it to you. Me, me at Craig Peterson, P E T E R O n.com.
[01:17:54] and just ask for it and I'll, I'll respond to you or we'll get Mary or someone else to forward it to you because I've already got it. Okay. This isn't a big deal for me. Okay. It's ready to go. But, um, that list is an important list because if you don't meet the standards that the insurance industry has set forward and you are hacked.
[01:18:16] They're not going to pay you a dime, even if you sue them. And we've seen this with very large companies as well, where they're trying to recover tens of millions of dollars from the insurance policy, and they didn't get a dime. They had to also pay who knows how many millions to lawyers to sue the insurance companies.
[01:18:36] And they lost. Okay. It's a very, very big deal. So there's a huge misalignment, according to Forrester, between the expectation and the reality of breaches on a global scale, there's a big disparity of about $600,000 between those who are prepared to respond to a breach and those who are not. And, uh, we can talk about that as well, because there there's things you need to do obviously backup, but backup means you've got to check the backup.
[01:19:08] You've gotta make sure it's valid. You should be spinning up the backups on, in a virtual environment in order to make sure the backups are good. There's a lot of things you should be doing. Okay. And, uh, that's just a part of it. Plus, do you have your PR people ready? Are you able to respond to the state requirements?
[01:19:29] A lot of states. Now, if you are hacked require you to report it to the state, in some cases in as little as 72 hours. So do you have that paperwork ready? Do you have the phone numbers of all of the people that are on the team? Okay. All of these things now, the threats are not just the external hackers.
[01:19:52] Anybody who's trying to protect their data is focused on obviously the external hackers. That's where we tend to focus part one part two is we focus in on the people that are working inside the company, right? It's kind of a zero trust narrative here. Why is this guy in sales, trying to get into the engineering files?
[01:20:19] Why are they trying to get into payroll? Right? You, you understand where I'm going with this? You buying what I'm selling. You don't want them to have access to stuff that they don't need access. So. Attacks that Forrester found were spread over external attacks, internal incidents, third party, and supply chain attacks, which is really big nowadays and lost or stolen.
[01:20:50] Assets globally. Half of companies consider external attacks to be this top threat, but in reality, only a third of the incidents come from external actors. Nearly a quarter of them are traced back to an internal event while 23% consisted of lost or stolen assets and 21% involved, a third party. Partner, interestingly.
[01:21:15] So we've got to keep an eye on this. These external attacks are a very big deal and that's where they have success with what are called zero day attacks. But your internal people can be a problem. Now I have put together 20, uh, 2022. This is something really, really important. A what we call a POA&M, it's a plan of action and milestones of what you need to be doing.
[01:21:50] For your cyber security. Okay. This is available absolutely free. You have to email me, me@craigpeterson.com. But the idea behind this is it's a spreadsheet that you can use in Numbers on a Mac or Excel on Windows. And it has all of the key items. Now we follow what's called the 800-171 standard. This is the National Institute of Standards and Technology, and they've laid out, uh, all of the different things.
[01:22:23] That you should be doing now. We've broken them down into eight cyber security. Activators is what we called them. And we have, you should have already gotten an email this week from me. If you're on my email list, just talking about cuz we we're starting now getting into those cyber security activators.
[01:22:42] I'm showing you what. To do about each one of them. So you can do it yourself. Right? So many of us are stuck with being the, the CTO or the guy or gal in charge of it just because we like computers or we know more than somebody else. Right. So if you're on my email list, you will be getting these things automatic.
[01:23:03] We're gonna be going through them in the weeks ahead. Little, little quick mini micro trainings, if you will, but you gotta be on the email list in order to get them. These are also appropriate for home users right now. You're gonna have to make your decisions as to what you're going to do, but home users have the same exposure, the same basic problems that they have in bigger organizations out there.
[01:23:30] So I follow the National Institute of Standards and Technology. They have broken it down into a number of different sections. They actually require it. And if you are compliant with this, with this NIST standard, uh, you are going to be able to recover your money from the insurance company. If you are hacked.
[01:23:55] I dunno. I was gonna say if or when, but, um, hopefully you won't get hacked because of this. So it it's an important thing to follow. So make sure you go to craigpeterson.com/subscribe right now and get subscribed. A lot of stuff for home users. You know, my business is focused on securing businesses.
[01:24:15] Particularly regulated businesses, right? If you have intellectual property, you don't want to have stolen. If you do government contracts where they're requiring you to be, uh, uh, compliant with this NIST standard or some of the others, but it's basic stuff that every business should be following. So just email me, me@craigpeterson.com with your questions.
[01:24:40] We've been really good at answering them. We've probably lately been averaging about a dozen a day. Which is quite a few. So it might take us a little bit to get back to you, but we've gotten much better. Mary, her, her number one responsibility right now is making sure that we answer all of your emails.
[01:24:59] We'll send out this plan of action and milestone spreadsheet for you. So you know what to do. This is updated. This is 2022. Everything you need right there. Me at Craig Peterson dot. All right. You'll also find my podcast there. craigpeterson.com. And I wanna point out that I'm not doing the show on video anymore.
[01:25:26] It just wasn't getting enough traction with it and it just takes too long. Anyways, craigpeterson.com.