Resist these ominous appointments, the raids and roundups of our immigrant and Muslim sisters and brothers, the cutbacks in every social program, and the escalating racism and police violence. That's Sunday, April 15th at 2 p.m. Join a New York City rally at Herald Square, 34th Street and 6th Avenue. Join the rally, A March to Trump Tower. And you know, a march to Trump Tower is always fun, especially in the spring.

It's 8 o'clock, you're listening to radio station WBAI New York. The time is 8 o'clock. And that means on a Wednesday, it's time for Off the Hook. The telephone keeps ringing, so I ripped it off the wall. I cut myself while shaving, now I can't make a call. We couldn't get much worse, but if they could, they would. Bondedly bond for the best, expect the worst. I hope that's understood. Bondedly bond! Bondedly bond! Bondedly bond!

And a very good evening to everybody. The program is Off the Hook. Emmanuel Goldstein here with you, joined tonight by Alex. Good evening. Voltaire. Yay. Hi, everyone. Well, it's been a busy week, as always. Lots of things going on. We'll be reporting on some of them, and hopefully taking phone calls as well. Because that's what we do here on Off the Hook, week after week. So let's jump right into it. There is talk of some skullduggery in Washington, D.C. The existence of what appears to be rogue devices that foreign spies and criminals could be using to track individual cell phones and intercept calls and messages. We're talking about a Stingray, are we not? Yeah, otherwise known as IMSI catchers. Catches the unique IDs on cellular telephones. Basically, it spoofs or imitates a cellular telephone tower. And when your phone is transferring from one or the other, it takes the strongest or closest signal and connects you to it. And this then allows whomever is running this to compromise your device and do a lot more than, well, a lot in the way of eavesdropping and other sorts of things.
Yeah, this has been a concern for intelligence operatives, foreign powers, things like that. But American law enforcement agencies have been using these pieces of eavesdropping equipment themselves for quite some time, and they haven't really told us much about it. In a March 26 letter to Oregon Senator Ron Wyden, the Department of Homeland Security acknowledged that last year it identified suspected unauthorized cell site simulators in the nation's capital. Now, keep in mind, that's veiled language because that means there are authorized cell site simulators that do exist in the area. In fact, they exist all over the place. New York is certainly no exception. Basically, you make a phone call. Your phone call is processed through one of these Stingray devices, and all kinds of information can be captured. Right, Alex? Absolutely. I mean, for me, it's just sort of a duh moment with this story. I mean, of course there are rogue devices like this, Ron. Every nation's capital is going to have active intelligence agencies, especially cities that have embassies where it's sovereign territory, and these things can be placed on sovereign territory within an embassy, and it's probably really relevant for foreign intelligence agencies to be actively monitoring radio frequencies, cell phone calls, things like that in Washington, D.C. I mean, this is sort of very much an overstatement of the obvious. Of course these things are there. In fact, I think a lot of the reporting even reflects that. Back in 2014, there were a whole bunch of tests run in Washington, D.C., where these were in fact detected. So people have known about these for a really, really long time, and all of a sudden they're waking up to it, as we're waking up to a whole bunch of other issues relating to privacy and the usage of data. So these IMSI catchers, these Stingrays, yeah, they're a big problem, especially for people who are innocent civilians living in D.C.
who have their phone calls snatched up in these dragnets. And this is how they work, just in case you're wondering what we're talking about. Basically they trick mobile phones into locking onto them instead of the legitimate cell towers. Then they reveal your exact location or the location of your phone. There are more sophisticated versions, and they can basically force your phone to step down to older unencrypted 2G wireless technology. Some even attempt to plant malware. They're fairly cheap. They can cost as little as $1,000, or they can be expensive, costing as much as $200,000. Regardless, we want one for HOPE. We want to experiment with it and see what we can do and learn more about this technology. Kyle? Yeah, I want to push a little bit back on what Alex was saying, just because in most cases it is that diplomats and those people would be anticipating that kind of surveillance, especially in a capital. The thing that we noticed a couple years ago as well is a lot of this was less or as much state and local as there is federal adoption of these kinds of technologies and so forth. In general, it's a lot broader than just maybe a federal agent per se. Yeah, it's funny. When you have these Stingrays, a lot of it allows the local cops to monitor people and not use a warrant at all. They've been subpoenaed to get more information about it, and all these local cops have said, oh, it's a trade secret. When we buy them, we're not allowed to talk about them. That's why we need hacker ingenuity. Again, these people end up being the ones that— people that are not diplomats and people that have the expectation of that, they get kind of swept up in this because it's being implemented under the auspices of that in some cases. It's not all. Of course, I'm generalizing a lot for the sake of conversation. Yeah, and the fact that our diplomats are able to end up being the victims, and there's stuff to spy on, it really shows what the government's priorities are.
The NSA and a lot of these organizations have dual missions of weakening other countries' cryptography, but at the same time, it's supposed to be strengthening Americans' cryptography. It really shows that when they care more about spying on foreign governments, spying on their own people, they care about protecting their— Let's not pretend to be surprised because, yes, that's definitely true. No, we're not. We're not, yeah. And this sort of dovetails right in with a lot of the private companies that are allowing access for these federal agencies and the other areas where information can be collected. This is just sort of another way that people who aren't taking precautionary measures to resist this end up getting another avenue. Their details are swept up. Yeah, and you bring up a very good point here. I mean, what are the precautionary measures you can take to prevent your communications from being intercepted by these types of Stingrays? Well, encrypted communications is obviously one of them. Use some kind of service, whether it's Signal, Telegram, Wire. Not Telegram. We're not Telegram anymore. That's true, yeah. Tell people why not Telegram anymore. Because Telegram uses their own self. A, it's proprietary, so you can't write down the source code. And B, they've gone on record and say they use self— like their own type of cryptography that they've edited themselves. There's a rule that you should never roll your own crypto. I had trouble with Telegram because I started using that, and all of a sudden I was being greeted by people who were aware that I had started using it, but I never told them that. And that, to me, was very annoying. You know, they tell everybody. It's terrible. Yeah, that is an invasion of your privacy right there before you even get to your first conversation. Yeah, I agree. So that's one countermeasure, obviously.
But if you were just worried about people eavesdropping on your conversation— I mean, think back to the times when cell phones were on analog, when they weren't digital, and they were just broadcast freely between 800 and 900 megahertz frequency. Those were the days, yes. Those were the days. In fact, I remember you and I did something fun. No, we heard about people who did it. Oh, yes. And you could turn your TV set up to, like, channel 83 and hear all kinds of, yeah, same frequencies. We did do some things on public record, though. I remember on CBS News, you and I did something where we demonstrated this. Well, you know, we have different ways of remembering history. But yes, Kyle, you have something to say now. Voltaire, what was the problem with Threema, you said? It's proprietary. Same thing. So same thing, they're rolling something that they're not allowing other people to audit and be a part of. One other avenue that I did want to get in before we move on is sensing these networks. And I looked a long time ago. It might have changed, but there's maybe, like, one or two apps that are IMSI catcher catchers that can sense the use of this type of equipment. If you're a hacker out there, aside from us wanting to get a hold of an actual Stingray for our conference coming up, just in general, if you want to work on a project, if you're looking for something to do, developing and working on these kinds of apps so that more people can sense this kind of tower spoofing or whatever Stingray being used in your area, we need better versions. I think the version out there that's most popular is it only works on one version of Android. There's something about it. It's just not moving forward. So help these organizations, help the projects that are empowering other people, you know, your community and the greater populace to catch this stuff in use. I have a question, though.
Is it in the interest of the phone companies to help detect these things and let their users know, or is it something that they would rather we just not be talking about? Voltaire? No, because if people are more aware of these problems, then it'll encourage people to demand that they upgrade the infrastructure, and then that'll cost them money. So the phone companies aren't going to do this. Certainly, the authorities are not going to do this because they're the ones that are spying on us. And the foreign actors and intelligence spies and all those people, they're not going to tell anybody anything they're doing. So it's up to hackers. It's up to hackers to figure this out and to design a system, design a tool, an app that can be used to detect these things. There's been a lot of great stuff as far as sensing what kinds of spying and surveillance is going on on physical things like, you know, broadband connection and so on. But we need more software that people can run as they're out in the field, you know, in the community, in their neighborhoods, so that they can see this stuff. And it's just not there yet. It's not easy. It's not on every phone. And like I said, the one I saw maybe works on, like, an old version of Android. So we really, really need to build more tools so that we can have a sense of what kind of connections and surveillance tools are being used against us. All right. And speaking of these tools, you know, there are some commercially available products that you can purchase for significant amounts of money that will allow you to detect these types of things, but they're not really for public consumption. But, you know, going back to this issue of, you know, who's responsible?
If the telcos, from a legal standpoint, if the telcos begin to monitor and identify and police the situation, then they're sort of creating a duty that they are going to have to maintain because if they do this and then they realize it's cost-prohibitively expensive to continue doing this and then they stop doing this, people may have come to rely on the fact that they were doing this in the past and then when they stop, if they don't notify people, then it becomes a legal issue for them. They may be found in dereliction of their duty to actually protect consumers from this kind of thing. So from a legal standpoint, they have very much an incentive not to do anything until they're forced to do it. And that really is a problem. And I think you're right, Emmanuel, this leaves a big gap here in terms of who's responsible for identifying this. But then once it's identified, once, let's say a network of stingrays are identified. Yeah, like a Google map overlay. Boom. There it is. Every single location in New York. Absolutely. But then what can you do about this? Well, when you have the information, you have a lot more, you know, a lot more options as far as planning and talking about it and spreading the word and having the discussion. There may be ways to avoid these particular geographic areas, but, you know, taking them down themselves because you don't know necessarily who's responsible for anyone. You may be taking out a stingray that law enforcement put in for a particular purpose. You know, it's, it's very, I think it becomes a really tricky issue. I think they'll get over it. For the diplomats with encrypted phones. Yeah. Well, for citizens to take it, take matters into their own hands, I think it could be really tricky. It could end up, people could end up in prison. I'd like to move on to, to some more talk of foreign intrigue because we have so much of it to get to. 
If you've been following this case of Evgeny Nikulin, he's the guy that was being held in the Czech Republic since 2016. He's Russian. He was accused of hacking the systems of three American technology companies back in 2012, possibly compromising the personal information of more than 100 million users that is compromising it before the companies themselves got to compromise it. We're talking about companies such as Dropbox, LinkedIn, and another one called FormSpring. Has anyone ever heard of FormSpring? Well, you won't hear of them anymore because they're defunct, but they're perhaps best remembered, not by me, but by this news article as one of the social media platforms that former Congressman Anthony Weiner used to exchange smutty messages with the, well, nevermind. Whoever he was exchanging smutty messages with, apparently he found FormSpring was using that. Okay. So this, this Russian guy, who was in the Czech Republic apparently accessed that system and was able to compromise data from more than 100 million users. And that turned into a battle between the United States and Russia over who would get to actually prosecute him. And guess what? The United States won. He was brought to the United States for prosecution. He appeared in federal court in San Francisco and pleaded not guilty to the charges against him. His next court appearance will be scheduled for next week. Now this leads to a quote from our Attorney General Jeff Sessions about hackers. You ever want to know what Jeff Sessions thinks about hackers? Always. Okay. Well, this is what he says. He basically says computer hacking is not just a crime. It is a direct threat to the security and privacy of Americans. So just so you know where you stand with Jeff Sessions. 
Now in this case, the defendant, a Russian national, is accused of breaking into the computer system of several important American companies using stolen identities and potentially gaining access to the personal information of millions of Americans. This is deeply troubling behavior. Once again, emanating from Russia, we will not tolerate criminal cyber attacks and we'll make it a priority to investigate and prosecute these crimes regardless of the country where they originate. So it's, I don't know, it's, maybe it's not a funny story, but to me it sounds funny when, when, when someone is accused of simply breaking into LinkedIn and Dropbox, seeing people's resumes and large files that they have uploaded, not to mention the smutty messages that Anthony Weiner left lying around, and the person being treated like they are some kind of terrorist, being extradited all across the world. And this guy's probably facing a large amount of prison time and huge fines. I don't know. It just seems like we could be maybe improving security, maybe focusing on more evil types of crimes. I don't know. Am I wrong, Alex? No, I think you're right about this. And I think what the statement by Attorney General Jeff Sessions is sort of signaling too, is that, especially when he noted that regardless of the country of origin here, what's scary to me is that this may be a signal that the Department of Justice will start to apply our own domestic laws more extraterritorially, meaning that they will have effect outside of the jurisdiction of the United States and that they will be then seeking extradition of many, many other people that they perceive to have violated the law within the United States. This guy, was he ever in the United States? Is a Russian national in the Czech Republic?
I imagine it's the Czech Republic that made the decision to hand him over to the United States, but still, you know, getting sent to a country that you've offended in one way or another because of something that you did at your keyboard. That worries me, Voltaire. Yeah. And the fact that he also had charges against him in Russia and yet in Czech Republic, they're like, oh, basically they decided that because America had more power that they were going to extradite him there. And that America, basically, that was the priority, which just shows like what a farce, the international situation of international law is that a Russian citizen would get extradited despite having charges in his own country. Again, let us not be surprised by this. We should never be surprised by all the injustices that are plaguing us every day. And the website CyberScoop was the reporters, the reporters were in the courtroom reporting live. And they said that he was in chains at the proceeding. In chains? Was it going to hack Twitter? What were they worried about? The prosecution alleged that he had, in the past, he had acted out, quote unquote, but like still it's so inhumane. Like obviously you have to take them for their word for it. It's not like there's a shortage of true criminals out there. There are so many evil, nasty, dangerous people, really somebody who accessed LinkedIn in a way they weren't supposed to. I mean, you know, there is, I know lots of people on LinkedIn. I might even have an account somewhere, but I can't imagine how, what information do people put on there that is so sensitive. It's, it's, I mean, someone enlightened me here. Do you put your, your, your phone bill on there? Do you put your credit card numbers? What? I put my, um, my resume with all of my social security numbers. Okay. Well, I don't know about that last part, but, uh, but don't you want your resume to be seen? Isn't that the point of a resume? I don't know. Yeah. Well, that's what I think. 
I mean, people put lots of idiotic things on LinkedIn that they shouldn't be putting in the first place. I mean, but they don't have to, that's their choice to do that. Exactly. But I mean, things that, you know, could quite possibly get them in trouble, like listing the fact that they have active security clearances and where they worked and all this information about their past history, all these kinds of things that would make them susceptible to social engineering attacks, all this, this kind of idiocy on LinkedIn. It does seem very disproportionate to be handling this man. It's the user. I mean, if you're a serial killer, you do not have to list all of your victims on LinkedIn. They encourage you to do it. But if you do, it's on you. I don't think it's on the poor guy from Russia who happened to hack into the system and expose all this information. If you list all your victims, your profile becomes 85% complete. And then you, you know, you're rising that bar graph that encourages you to put more and more information there. There's got to be somebody on LinkedIn who is using their systems. So totally not in, in the manner in which it was originally intended and doing something, listing crimes, listing something that they really don't want to be linked to them and depending on the security of the system. I think it's about how you curate yourself on these platforms. I mean, you can really, you can go a long way to, to hurting your ability to remain private, but you can also be very deliberate about that. But it's just that the sort of the average user of a system like that probably isn't on the more cautious side as much as they ought to be. Well, maybe it's because I don't trust these companies. I never have that. If you took every bit of information that I I've given to Twitter or to Facebook or to whatever are the one I forgotten about, it's not going to bother me that that's out there because I never trusted them in the first place. 
You know, things that I, I think are secure, I manage myself, and I think a lot of people are capable of doing that. It's not the hardest thing in the world. But you know, why would you assume that they're going to protect your, your, your private information? I think the real danger here is that we're, we're seeing politicians reacting now to problems of data, privacy, and security in ways that indicate that they don't really understand the issues at heart. They don't have a rich understanding of what it means and what, what it requires to protect data. And they don't frankly even really understand what data is or access or things like computer trespass. And so you have these overreactive types of statements and that's going to lead to very misaligned policy. And I think this is a very serious and real danger for the hacker community now in light of things like this Cambridge Analytica scandal and this fiasco with Facebook, because it's a buzzword for politicians. They have to be seen to be taking a hard line when it comes to quote unquote hacking and criminals. And all of this is going to bleed over with unintentional, but eminently foreseeable consequences to the hacker community. I would agree that this is, or I would say that, that it is, it is, it's going to be a problem for, for our ability in a lot of ways. And there's going to be unforeseen consequences of this, this idea of extrajudicial stuff. Kind of, I think along the lines of what you were saying, Voltaire, that it is a double standard we're applying, that we would then, you know, have this sort of extrajudicial interpretation of a lot of the use of the internet when, you know, there's cases, there's, there's companies, people that depend on the ability to not violate American law and do other sorts of security or intelligence research, private firms and even up into government consultants or agencies. So it's, it's, it's kind of also like, like what Alex said, just tough talk.
It's just like coming down hard, but not really having a full understanding of, of the, like I said, follow-on effects and then applying this double standard worldwide. It's insane. Yeah. And with John Bolton, just Trump's new national security advisor, just wrote an editorial calling for the U.S. to go on a quote, unquote, cyber offensive. And the fact, and then this comes right after the Trump's nuclear policy has been revised to allow basically we can respond with a nuclear attack to a cyber attack, which. Wait, wait, wait, wait, wait, wait, hold on a second. I know I'm saying not to be surprised by this, but I'm surprised by that. You're saying that if somebody hacks the wrong machine, Trump people are saying a nuclear response is actually okay. Okay. Yeah. There's an article. I want to see that. It'll come from the, I'll tweet the article on the, on the hacker radio show profile. Okay. Hacker radio show, go to that Twitter and you'll, you'll see this unbelievable statement. Yeah. That's a great example of just not equal consequence, you know, and you've got to have people that really understand the, the effects and side effects of some of these, some of these policy and, and attitude, these stances. And, and like I said, you know, there are people that do research that, you know, are American companies that are doing pen testing and other kinds of stuff that depend on not breaking American laws to do that kind of research and, and a many, a myriad of other, other ways that this could backfire. That threat is just to people overseas, right? They're not going to nuke Chicago. Somebody hacks into the White House, right? Well, if we, if we nuke someplace overseas and they'll nuke us back. Yeah. Okay. That's, that's two steps down the road. I can't think that far ahead, but okay. Wow. This is something to, to worry about.
And then it escalates everyone else trying to go after again, like people in America or, or otherwise, you imagine the, the just heightened attitudes towards towards internet and, and, and security. Jeff Sessions is right. Hacking is a real problem. He's afraid it's scary. You know, on, on the other hand though, to present a somewhat contrary viewpoint a cyber attack. I really hate saying that some kind of attack that is premised on digital systems that causes physical damage, or let's say causes a widespread outage of some sort of industrial control system you know, creates a famine, something like that. You know, it's not out of the ordinary to expect that that could result in a physical retaliation. The use of nuclear weapons to retaliate against the cyber attack I think would be somewhat disproportional because nuclear weapons should only be used in direct proportion to that kind of particular threat. Here's the, here's, here's my view on this and tell me if you think this is a little extreme. If we have it on good evidence that officials in the United States government are threatening nuclear action against anybody who hacks into a particular computer system, might we say they are the ones who are the true threat and we should do everything in our possible to disable everything in our, in our possible skillset to disable them cyber or otherwise because they are threatening the world with insanity. You know, I remember somebody a long time ago saying something like when in the course of human events it becomes necessary to dissolve the political bonds of one people that have connected them with another, et cetera, et cetera, the declaration of independence, this whole issue with the tyranny and King George and whatnot. Yeah, I mean it's starting to sound a little bit similar to that particular hypothetical situation. Seems like, um, look, I'm not justifying the overthrow of the US government on, on, uh, radio here. 
I wouldn't advocate that of course, but, uh, I would advocate that if that is what they are saying. Absolutely. If somebody threatening the world because they don't like the fact that somebody, uh, embarrassed them with a website hack or even getting into something, uh, something that that's a military system, it's not an appropriate response. I agree with that. There's a lot of whack here that it's totally disproportionate. And I think any kind of, uh, physical retaliation to an attack always has to be proportionate. I mean, the laws of armed conflict require this type of proportionate responses, right? And so we should be guided by this long standing history of the laws of armed conflict, regardless of whether or not a conflict involves a cyber operation, there shouldn't be some particular carve out, I think for a disproportionate response to some kind of information operation. I think you're right about that. Um, but I think it's hard to respond to a hypothetical like, you know, Donald Trump authorizing a nuclear war for particular situation, particular system. And again, it is hypothetical and I have not seen any actual evidence of this yet, but if, uh, what's that, Voltaire? Do you have the evidence? Yep. January 16th, uh, 2018, New York Times, right? And, uh, a newly drafted, uh, United States nuclear strategy, which would permit the use of nuclear weapons to respond to a wide range of devastating, but non-nuclear attacks on American infrastructure, including what current and former government officials described as the most crippling kind of cyber attacks. Okay. Well, again, uh, I'm not sure what that means. Uh, crippling cyber attacks, maybe there's a specific definition to define that cuts off the oxygen supply or something. I don't know, but if it's just something that, that disables, even if it's a, you know, a power outage or a phone outage or something like that, responding with nukes is insane.
First of all, there, you know, we've, we've known this for many, many years that it's very easy to, um, uh, to mask the source of an attack. Uh, we still don't know who hacked that, uh, North Korean, uh, uh, film that was made by Hollywood. You know, was it North Korea? Was it, was it, uh, China? Was it somebody in the United States? Was it a rival film company? No, we don't know that. We don't know anything. I mean, this is absolutely, it could then become false pretense for, uh, uh, nuclear, um, uh, conflict and, and nuclear deterrence was never, ever, um, uh, designed to be, uh, uh, a, a resolution or, or some sort of, um, response to, um, to electronic, uh, warfare like, uh, uh, quote, cyber attack. So, uh, um, armory of some sort, I, I don't think it would be a, a reasonable, uh, uh, uh, consequential, uh, response. I mean, it just, it just seems really, really like a, a, a drastic escalation. Look at, look at the reaction when North Korea says something like, yeah, we have an, a nuclear missile and we can send it your way if you really piss us off. The way that we react to that threat and, and yet we're supposed to just sit back and, and let the people in the world threaten the entire planet if they get upset by something somebody does to one of their computer systems. That is wrong. Well, here's a crazy hypothetical for you. Okay. We haven't had enough of those. No, this one, this one may, may cut close to the bone for you as well. Uh, let's imagine that there is some kind of pervasive cyber attack, something like a, a major ransomware attack that disables a US metropolitan area, almost like an entire city, that brings them back into the days of, you know, using pen and paper and carbon copies and, and disables municipal functions, things like that. Yeah. You'd have to use nukes. Okay. I see it now. I see it. Yeah, you'd have to do it. I mean, I can't go back. 
Imagine if something like that happened to like a, a city in the South or something, what would we do? A city that was right next to DC. I'm sorry, what? A city right next to DC. Yes, of course. I'm, I'm obviously talking about the city of Atlanta, you know, still going through this. Yeah, I think they're, they're starting to, to recover. Yeah, I think a bit, right. They are. So, so I think they're still sort of reeling from this as well. I still don't understand why they didn't pay the $51,000 ransom. Well, the headline here reads, with, with paper and phones, Atlanta struggles to recover from cyber attack. So yeah, maybe the people of Atlanta, maybe they want to nuke somebody in response to this. Atlanta's top officials holed up in their offices all last weekend, Easter weekend, as they work to restore critical systems knocked out by a nine day cyber attack that plunged the Southeastern U.S. metropolis into technological chaos and forced some city workers to revert to paper. That is such a nightmare. Alex, you're right. Police and other public servants spent the past week trying to piece together their digital work lives, including audit auditing, spread, recreating auditing spreadsheets, conducting business on mobile phones. Why is that such a bad thing? In response to one of the most devastating ransomware virus attacks to hit an American city, three city council staffers were sharing a single clunky personal laptop brought in after cyber extortionists attacked Atlanta's computer network with a virus that scrambled data and still prevents access to critical systems. Extraordinarily frustrating is how they are describing it. And I can, I can certainly understand that. Basically city officials declined to discuss the extent of damage beyond, uh, disclosed outages that have shut down some services at municipal offices, including courts and the water department. Um, yeah, so, uh, that, uh, that's been going on over there. Everything on my hard drive is gone.
So city auditor, Amanda Noble, um, city officials haven't disclosed the extent to which the servers backing up information on PCs were corrupted or what kind of information they think is unrecoverable without paying the ransom, which ransom was a $51,000 I understand in, in, in Bitcoin. And maybe they are second guessing their decision not to pay that. Um, not all computers were compromised. 10 of 18 machines in the auditing office were not affected. Um, but, um, yeah, this is, this is something, this is, uh, I guess the, the worst case scenario. Yeah, no doubt. And it just seems totally crazy to me. I mean, this is, you know, this is a ransom payment to be at such a low threshold. And the people behind this ransomware attack have actually, uh, from what I understand, been quite successful in the past with extorting these types of ransomware payments. Um, and they do it in such a way to, to, to make the payment at a level that would be far less costly than actually responding to the incident. And Atlanta has certainly responded to the incident and is still reeling from it. 
And, um, I mean, it's a... But they can only do so much with the budget they're given, and given, like, the state of austerity with, especially with the states and municipalities, it's very likely that they had such a limited budget, and like, they... Why, why such a limited budget for something important? Why, why on austerity? Why is education cut? Why all these things, you know, infrastructure? That is the problem here. That's why you're seeing things like this happen. Yeah. Okay, well, let's, you got me really upset now, right, but by this, but let's, let's go back to something a little bit more palatable, I guess. In the Department of Who Cares, the director Ali Abbas Zafar's Instagram account was hacked. I know people are upset by this. 37-year-old filmmaker took to Twitter to warn his fans and followers and also said he did not have a Snapchat account. Again, he does not have a Snapchat account. Ali Abbas Zafar: "Hack alert, someone hacked my Instagram account. Sorting it out. Also, I am NOT on Snapchat. So if someone uses Snapchat under my name, it is the hacker. Have a good day," is what he tweeted. That tweet has been confirmed as coming from him. His next venture is called Bharat, starring salt. Well, you know what, who cares about that, too? Yeah, this is, this is what's considered important these days.
It's just making headlines everywhere. Here's another one: hackers tried to change grades at Virginia high school. I'd be amazed if hackers didn't try to change grades at a high school. That's pretty much, you know, as long as you have the ability to do that, somebody is going to try. But here it is, national news, Washington Post: hackers attempted to change grades at a Fairfax County high school using a cunning attack that ironically began with an email from a school club charged with upholding honor and integrity. It's a little bit ironic, but actually, again, I would expect this. Oakton High School in Vienna, Virginia, just the latest in a string of secondary schools, colleges and universities nationwide to be targeted, often by meddling students but sometimes by Isis, in attempts to turn F's into A's in virtual grade books. Not only that, though. Sometimes they turn C's into B's. Ah, very interesting. I didn't know that it was Oakton, Virginia. So I used to live very close to Oakton High School in Vienna, Virginia. Is there any place you have not lived? Wow. Yeah, I've been around the block. But I used to live in Vienna, Virginia, and Vienna, Virginia was where I lived when I worked for the CIA. I was actually indicted in Vienna, Virginia, and that's, that's no joke. I was, yes. Doesn't surprise me.
Is there some place you weren't in GTE telling that yeah a few places left When I got in trouble is Vienna, Virginia interesting But so what I would suspect because most of the people that live in that particular part of Virginia, Northern Virginia is right next to 123, which is a street the Traffic ridden road that you take directly down to Langley Most of the people that live in that community work in the intelligence community as well So I would guess that these are the precocious students Which are the sons and daughters of CIA brats of CIA, okay Possibly well, it's not yet clear according to the Washington Post who is behind this hack Alex has some some theories already I do but basically this this began around November when emails were sent from a known Oakton High School Honor Council account That featured a link that purported to take readers to news about the student club That's according to a search warrant. Yeah, they got a search warrant Detectives wrote they have detectives working on this Detectives wrote that the link actually caused a reader's computer to download software Which surreptitiously records keystrokes and then sends them by email or other means to the hacker. It's called a keylogger. 
So basically they sent email through what looked like a trusted account to get people to click on something that started monitoring their keystrokes, and through that they were able to get passwords, and through that they were able to access the system, which apparently allowed them to change grades. So many mistakes being made here, and the biggest mistake of all: turning this into a federal case. You know, this, these are kids being clever. Instead of figuring out what they did and fixing the problem, you're going to make criminals out of them. Yeah, I mean, this is something that, you know, we've been arguing and talking about literally for decades, right? And now the stakes are much higher for people. I mean, when, when I was a kid, I was, I was actually banned from my public library, I remember, for, I was accused of maliciously, quote-unquote, this was put into a letter, maliciously vandalizing their computer system. And all I did was modify the autoexec.bat, have it drop me on a network drive and then reboot the machine. That wouldn't let me fix it. And so then they accused me of maliciously vandalizing computer system and banned me from the public library, I think when I was about 15 years old. This actually came up, strangely enough, later on in life when I was applying for a security clearance. But it didn't prevent me from getting the security clearance. But you know, nowadays the stakes are very much higher and there is very... Is that why the stakes higher now? What has changed? People are taking this way too seriously. They're not, you know, they're not looking at this as some kind of youthful indiscretion or the product or the byproduct of kids who are just too smart and don't have an, and have too much time on their hands. You know, they're looking at this as some kind of real threat. I mean, you think back to exactly what you quoted from Jeff Sessions, right?
This is this hard-line approach, as Kyle mentioned, that, that people have to take in response to this. And then when these types of cases land on a prosecutor's desk, it's not like it was 25 years ago. You know, now these guys want to make their bones and show that they know how to prosecute computer crime and that they're hard on this, because they are looking to higher office for themselves. Well, and it's, it's the manifestation of, further manifestation of control, right? So, you know, you've, you've got, you know, oversimplified, you know, operating systems on, on computers and phones, and you're just isolating and putting people and making them more and more fearful of going outside the lines. And this is something, it's not an argument, Alex, this is something we know we've been talking about, advocating against, you know, these over, like, just this overreach and overemphasis on control. It sounds like... That's exactly it, that they have lost control. They never really had control to begin with, and that's what this is about more than anything else, because we're looking at the same things that happened 25 years ago.
We're looking at people hacking their grades, you know, and and doing something mischievous, but instead of Learning from that fixing the system moving on We punish we come after and that becomes the new normal So you have a situation now where kids have to go through metal detectors again to school and that's normal You have a situation where kids can't go to playgrounds anymore by themselves and that's normal and you have a situation where if you hack Into your teacher's computer you go to prison and that's somehow supposed to be normal and it's not it should not be it's unhealthy and you know, we do know the difference between right and wrong and You know, I don't think that's something that we have ever really had a problem with when somebody is is actually stealing ripping people off Yes, obviously, that's a crime Is that what we have here or is or do we have a case of mischief people who are stepping over the line? Look at this. There's This is great a group of Palestinian hackers able to hack a number of Hebrew sites Simultaneously in Israel and post on the main pages pictures taken during the attack on the peaceful Great Return March this past Friday Hackers posted pictures of Israeli attacks against Palestinian protesters along Gaza's border Entitled we do not forget martyrs Jerusalem as the capital Palestine, you know, whatever you agree with or disagree with this is expression this is something that we've been doing for for many decades now, and it's something you can fix by Installing some security on your damn website to start with But it's also something that ever since you know, we were talking about freeing Kevin Mitnick Is is a way of getting your message out when you don't have any other means of getting the message out. 
However today I worry that you know that could provoke a nuclear strike from from our administration because wow you're interfering with The way we we get the word out to people we need to take a look at how we react to things like this and and understand the difference between Actual threats actual crime and expression and mischief and Just kind of healthy flexing of the muscles of technology Voltaire I think a lot of topics and I it's I guess a wider political issue of like the wider politics are affecting the hacker community like we see with Jeff Sessions being extreme and like the Trump administration basically most political administration since the 1980s have been quote-unquote tough on crime and we see like Jeff Sessions calling for death penalty of drug Traffickers right now. That's the beginning. That's the beginning. It'll be it'll be hackers next, you know hackers who cause over a certain amount of financial damage, but even even some dems like Kamala Harris have been Positioned himself. He's like nominally a progressive have positions themselves as tough as crime so gets back to a and she's a former district attorney for our Attorney for the press public prosecutor for the state of California. So it gets back. So But we need to push back against this and we see this in Philadelphia They reached like this and finally pushed back in this where they elected a anti tough-on-crime District attorney in Philadelphia and like that's a really good sign of progress. Do they call themselves anti tough-on-crime and I should Phrase but but you know, I I get it and that's something that we do need to you know Embrace a little bit more it does intelligent reaction to these things more a more nuanced approach. 
Yeah, right, right Hey, I want to open up phone lines because we haven't done that in a while and our phone number of course is 3 4 7 3 3 5 0 8 1 8 if you have any thoughts or opinions and things you want to Things we've talked about things you want to bring up 3 4 7 3 3 5 0 8 1 8 is our telephone number You heard the during the Horrible shooting yesterday at at YouTube the Twitter account of one of the people that was that was holed up in a room got hacked right after After the person started tweeting about the this I even retweeted this guy because I saw it happening I couldn't believe it and then after he he got to safety Somebody apparently got into his account and started claiming all kinds of things that weren't true such as people being missing And and then after that something called Flipboard, I don't know what Flipboard is but Somebody got into his Flipboard account and and started using that And and the Flipboard spokesperson said we had strong evidence that this person did not authorize the activity even though our information Indicates that whoever did this used the password associated with the account to gain access Wow, what a mystery, you know what they guessed the password. That's what happened. It's not that hard to figure out Maybe he is the same password. Maybe the password was username. Who knows? There's all kinds of possibilities there But it just goes to show how fragile these things are Okay, let's take a phone call. We'll get back to some more of this news in a minute. Good evening You're on off the hook. Go ahead. How are you? Great program as always. Let me just turn the computer off because I'm listening to you online Okay, may I ask where you're calling from? 
New York City. Interestingly, you are on delay online more than, than you are on the radio, which is usually the opposite of what happens. But just letting you know, there have been a few, a few gaps in, in the, in the streaming. Well, you can get a full transcript of the show on the archive at 2600.com afterwards and into infinity. Which is great. Okay, so my experience may be run-of-the-mill to you, but, and, and to the, you know, to the most experienced hackers, but it's probably something that may interest the general listenership of the show. Okay. I received an email soliciting my services, let's say consultancy, in the travel and entertainment industry, and it seemed quite legitimate, except for, as the exchange progressed, the terminology that was being used started to seem strange. And also the person, I did a little bit of due diligence, the only person I could find online with this name was a successful British solicitor, started to use language that a British solicitor probably wouldn't use. So that's always a good hint. Always a good hint. Nevertheless, at this point I had already given my bank information. But these people on the other end, they were using a server called yandex.com, which I don't know where is located, but when I did go to yandex.com you had the options with the Uzbekistan, Ukraine, Russia and I believe also Kazakhstan flag, you could, you could choose one of these, and I thought, British with Kazakhi server? It's getting stranger and stranger. And initially this, this person wanted to deal on, on the phone. Said, you can email me on my phone. And I, you know, I wrote back immediately, I said, unfortunately, I'm the smart one in my family.
My, my phone is rather dumb. You know, I have still the one where you have four letters for key. So, and, and I actually had to type, you know, with that kind of phone. Which is probably a blessing, because it saved me from much, for much worse trouble, I think. So I said, send me an email address and we could correspond on, on the email, and that's when I got the yandex.com. And so I divulged my bank info, and as soon as I realized that something was amiss I immediately contacted the bank, and they told me that nothing had happened, that they had an alert, but they basically would be up to me to police the account and report any suspicious activity. So I researched the number and belongs to Sprint. So I am about to call them to report the event. And also, when I tried to click on the active link for the phone number, my computer warned me saying this is a risky, but I don't remember the exact text. Please, please don't do that anymore. Don't, don't click on these things anymore, because it can lead to a world of hurt. But you know, the, the old Windows system that I use say, are you sure you want to do this? You know, this may result in lots of data. I said, okay. Thanks for the warning. And I'm letting you know all this because it may be useful, and you also may have something useful to tell me. But never mind, you know, if you do, I appreciate it. And if not, you know, you, you just say something about how sophisticated these people are getting, to target somebody like me with specific information that would, should we say, lead me astray. It would take a lot of research. And, and these people have put the research, you know, for amounts of money that are not really, you know, potentially... But I know, I understand the parameters may be different in the Russian former Republic. But still, you know, you wouldn't think, or I wouldn't think, that I could be a target when we know, you know, that much bigger fraud and all kinds of fish.
Well, it's it's it's basically a lot of small fish equals one big fish So I think that's what you're seeing and the information it could be coming from all different sources And they could be massing this data in all sorts of different ways there. It's a very sophisticated operation so that's why it's important for you to know what you're putting out there and To recognize always put out some fake info to that way when you see it coming back, you know what the source might be That's the other thing. You see I'm not only very careful. I have no social media presence and My business is word-of-mouth mostly, you know, it's only people who know me who contact me mostly Occasionally somebody comes in, you know from the Internet, but it's very occasional and and they have to go through a lot of trouble to find You know You know I would suggest learning as much from this as possible sharing like you're doing now the info that you get out of it It could help a lot more people see where this goes. You've already notified your bank. You're not going to be liable Don't click on any more links unless you have a complete backup of your system from from months ago And please keep us updated. We do have to move on but but thanks so much for your call. Thank you all the best All right, take care so many stories like that out there now Alex. I know you have some some late-breaking Facebook news Yeah, I do Well, I'm I'm wondering if if we should even save it for next week where we can delve right into it right now Just tell me what you have Well, look, you know, the FTC has come down pretty hard on Facebook not surprisingly, right? You know given their business model and what's been going on? So I want to read to you and obviously the FTC is charged with overseeing privacy and and things like deceptive trade practices So, you know coming hard on Facebook would be you know important. 
So I want to read to you something that came from an order from the FTC. An order? An order from the FTC. You know, it was, it is ordered that respondent, and respondent is Facebook, its representatives, in connection with any product or service in or affecting commerce, prior to any sharing of a user's non-public user information by Facebook with any third party which exceeds the restrictions imposed by user's privacy settings, shall clearly and prominently disclose to the user, separate and apart from any privacy policy, data use policy, statement of rights and responsibilities page or other similar documentation, the categories of non-public information, etc., etc. That's section 2 of this particular order against Facebook. It's further ordered that Facebook, no later than the date of the service of this order, establish and implement and thereafter maintain a comprehensive privacy program that is reasonably designed to, one, address privacy risks related to the development and management of new and existing products and services. Is good. This is a reaction. Privacy is important.
I see the FTC actually taking a stand Well, and then number to protect the privacy and confidentiality of the covered information the covered information of this order Thank you that includes Designation of an employee or employees to coordinate and be responsible for a privacy program identification of reasonably foreseeable material risks both internal external that could result in the unauthorized collection use or Disclosure of covered information and an assessment of the sufficiency of any of the safeguards in place to control these risks We spend a lot of time criticizing federal agencies for not Reacting and obviously it's a little late to the game that they're reacting now But at least they're there Acknowledging the problem and doing something about it and I'm man enough to admit when you know, I've been too hard Well, here's the very interesting thing about this particular order that came down from the FTC against Facebook Yes, I've just been reading you an order from 2011 say what now? 2011 that was from 2011. That was from 2011. That was seven years old. Yeah, actually. Yeah, I didn't even realize yes seven years Wait a minute So you're saying that order was already handed down that order was handed down and yet this still happened and this still happened and the FTC the reasons why the FTC came down hard on Facebook because of this particular order Was actually listed in 2011 and in basically say basically it was because they made promises About data privacy that they did not keep and in the in the words of the FTC I'll read you a couple of these points. You have 20 seconds. 
All right, number three: Facebook told users they could restrict sharing of data to limited audiences, for example with, quote, friends only. In fact, selecting friends only did not prevent their information from being shared with third-party applications their friends used. Does that sound a little bit familiar? Wow. You know, I think we've dealt with this, we should take this up next week. I understand that Mark Zuckerberg retestifying in Washington DC. Well, that might be a mistake next, because I have a feeling he's gonna be asked to significant questions about this particular agreement from 2011 that the FTC had. I think we should all go down there. We should all go down there and, you know, talk to him about he's actually up to. But we'll have, we'll have a report on that next week, and please write to us, oth@2600.com. That's our email address. Don't forget 2600 meetings this Friday all around the world, and we will see you next week. I want you to know tonight 1960 students all over the South started sitting in at lunch counters. And I knew that as they were sitting in, they were really standing up for the best in the American dream. Mine eyes have seen the glory.