2021-06-05 1116

Craig Peterson: This is a concerning report. At least it is concerning to me and it should be to everyone, frankly, but despite Colonial Pipeline to attack the likelihood of utility sector hacks has increased as was evidenced just this week.

[00:00:15 ] I wish I had thought of this one because it's just so simple and those are always the best, right? The simple ways to really work around a problem. And I've brought you a few before where we talked about some of the VPN stuff. We've talked about different types of security, this particular one, though, I think takes the cake.

[00:00:36 ] It's absolutely amazing. If you get right down to it and think about Russian hackers, real Russian hackers, not the fake ones, not just the white house saying that's Russia and it's really China. And then it sometimes frankly, between you and me, it's hard to tell because. The Russians can easily use

[00:00:57 ] chinese

[00:00:57 ] tools.

[00:00:58 ] They're available to almost any hacker out there that bothers to go out of their way to grab them. And the Russian tools are much the same way. So the way you figure out whether or not it might've been China or Russia, Or a particular hacking group or another is to look how they behaved when you're there in yeah.

[00:01:17 ] Your computer system. So let's say you think your computer got hacked. You might look for different pieces of software or names of files or where they went, how long they were there and what kind of ransomware might they've used on yours, computer, all of those types of things. Give you a serious clue as to who it was and where they came from.

[00:01:42 ] You can't really tell where they came from. You can look at the IP address and a lot of people say that. Why don't you just look at the IP address? The reason you can't obviously you can look at the IP address, but the reason you can't depend on that in order to determine where someone's coming from is just like they showed in the movies where.

[00:02:02 ] They're trying to back trace a phone call or back trace something, and it shows up on this big world map on this huge screen. That's bigger than. A 20 foot wall and it's showing a little dot. Okay. Here's OS and oh, and came in from Des Moines. Okay. Okay. Before that they were in London. Okay.

[00:02:22 ] Before that they're in South Africa, they were in Russia and they were in Vancouver. You've seen that. And it shows the dots popping up and the lines being drawn between them. That is not possible. Certainly not in real time, but it's really not possible at all. Because all you have to do is have a hacker take control of a few dozen computers around the world and use them to hack you.

[00:02:51 ] So that bad guy is now using dozens of people's home computers, which have no real logging. No, one's really paying attention to them. You're using it for gaming or maybe a little bit of work, email, web browsing, all of that basic stuff. So you're using it for all of those things, but you're not securing that computer tightly.

[00:03:16 ] So they'll just use it. If they want to attack from North Korea, they can easily hop through a few different computers and then end up on a computer in Russia. And now it was like, it's coming from Russia. It's really that simple. And they have these botnets to do that. Very thing. Yeah. That's why I keep telling everybody, make sure your computer is up to date that it is in fact patched up and the bad guys are less likely to be able to use it because your computer can be used to hack somebody else.

[00:03:51 ] It can be used to bring a denial of service attack against someone. The distributed denial of service attacks are way up this last year. It can do a lot of things that frankly, it should not be doing. So that's why I'm always warning you guys. Cause you don't want your computer to be used in a crime. So we can't tell where these hackers are necessarily coming from, but what Brian Krebs revealed this week, I thought was absolutely brilliant.

[00:04:24 ] Apparently many of these ransomware guys are in fact in the Commonwealth of independent states. And that includes a few different countries, Russia, Ukraine, Kazakhstan, Turkmenistan all of these stands over there. And some others

[00:04:39 ] basically

[00:04:40 ] Craig Peterson: it's the former Soviet union countries. So they're part of this Commonwealth of independent states.

[00:04:46 ] And if you're living in there, let's say you're in Russia and you're in Moscow. And you're using computers. You're sending out ransomware and you wanna make some bucks off of it by charging people a ransom. You need to be darn careful that you do not ransom any Russian computers or in fact, any of these Russian affiliate computers.

[00:05:11 ] Because if you do, you're going to have the gremlin coming down on top of you. They do not take kindly to it. And I don't know if you've seen any of these Russian. Prisons jails doesn't seem like place. Most people would want to end up at some pretty bad places and you don't stand a chance.

[00:05:29 ] Okay. So the bad guys are trying to be careful. So if you're sending them ransomware, that's indiscriminate, I'm not talking about a dark side going after colonial pipeline where they're aiming at colonial pipeline. There. Aiming at one specific business. Cause they know that business has money to pay. And you got to ask yourself, why did they aim at colonial?

[00:05:54 ] Was it just because of the money? Because they knew they could pay. Because we've had water plants, ransomed police departments, Ranson. We just had meat, the largest meat processor in the world. Branson is this a pattern where they're checking our critical infrastructure, the ability to put fuel in our vehicles.

[00:06:17 ] The ability to have electricity. I have food. Is that what's going on? I really don't know, but I can tell you almost all of the ransoms that are out there are indiscriminate. So you can't just sit there and say I'm not going to get ransom because I'm not colonial pipeline or I'm not a meeting.

[00:06:33 ] Packer, et cetera, et cetera. It's not gonna affect me. I'm too small. No one cares about me and I can get my business back online in a day, a week at the most. And you may be able to, okay, but you are still the target because almost all of this ransomware is random. Basically it's distributed in emails, sent out to millions of people that have no idea where it's gonna end up at.

[00:06:59 ] So let's say that you get this ransomware and you open it up and it's a business and all of a sudden you get ransomed. How does the ransomware know if you are in the Commonwealth of independent states? How does it know that your businesses in Russia or Kazakhstan or Armenia or one of these other countries.

[00:07:23 ]Basically it, it doesn't. And I'm I know I'm going to get, let me just double check Armenia here, because I know I'm going to get all kinds of flack from people. Yeah. All camera and yet Armenia is part of it. It doesn't know. Or at least it doesn't know if it doesn't check and that's the beauty of this, but Brian Krebs did Brian Krebs came out and said, and I think he got it from someone else too, but he's the one that really populated it, our populated popularized it.

[00:07:56 ] What this ransomware software parently does is it looks at your computer for something very simple. Now what could you look at if you were writing ransomware? What might you want to just check real quick? That's a real quick check. You can see if you are probably within the Commonwealth of independent states or maybe you're on a computer in a Russian embassy in the United States, which you also don't want to hack while why don't you just look at the keyboard?

[00:08:27 ] Apparently, that's what they're doing. They look at the keyboard of the computer when it gains control of the computer. And I'm not talking about the physical keyboard because many people worldwide use a us standard keyboard, but. What they're looking for is a keyboard. And when I'm saying a keyboard in this case, I'm talking about a virtual keyboard in one of a few languages, including Russian isn't that something.

[00:09:02 ] So they looked at this dark side, ransomware and cyber reason did some reverse engineering on it and he found. Which languages you can have virtual languages on your keyboard. Now you might already have them. I've got French on mine, as well as English. You might have Spanish. I don't know.

[00:09:23 ] There's the Chinese, there's a lot of the Mandarin. If you have Russian Ukrainian, Armenian, or a number of these others, Romanian, any of those languages that are part of, again, this Commonwealth of independent states as former Soviet union on your computer as a virtual keyboard. Yeah, it doesn't have to be a real keyboard, just a virtual keyboard.

[00:09:49 ] This particular piece of nastiness, this ransomware from dark side will immediately shut itself down. Isn't that amazing? So simply put, there are countless versions types, strains of malware that check to see if you have one of these languages installed on your system. And if they're detected, the malware will immediately exit and will not even install itself.

[00:10:20 ] Isn't that something. Yeah. So whether or not we can absolutely tell if something's from Russia or China or North Korea or someone somewhere else. We do know that having one of these Russian keyboards or again, one of the stands, et cetera, keyboards on your computer. Will short circuit, the ransomware and a won't even install itself.

[00:10:47 ] Isn't that just amazing. So look in your newsletter. That's coming out this weekend and have a look and I've put together a whole thing about this, a little video. You hav