WWL>Topics>>2-10-14 12:10pm Garland: on cyber theft

2-10-14 12:10pm Garland: on cyber theft

Feb 10, 2014|

Garland talks about cyber theft with digital forensics experts Joe Sylve of 504ensics Labs and Mark Lewis of Simmons & White.

Related Audio:

  1. Think Tank 1210pm drug addiction in the city


    Tue, 28 Mar 2017

    Should drug addiction in the city be treated as a health issue or drug issue? More deaths due to overdose in New Orleans than homicide. This hours guest: Dr. Jeffery Rouse - Orleans Parish Coronor

  2. Think Tank 1110am healthcare plan


    Tue, 28 Mar 2017

    Bernie Sanders said he’s going to push his plan for a single-payer healthcare plan like Europe.  He says Obamacare is costing us too much and the GOP can’t get their bill together to correct the problems. This hours guest: Michael Cannon - Director of Health Policy @ Cato Institute

  3. Think Tank 1010am recreational marijuana


    Tue, 28 Mar 2017

    OH CANADA!  Could Canada be the next country to legalize recreational marijuana? Canada is proposing legislation that would legalize recreational marijuana by 2018.  This hours guest: Chief Larry Kirk - Retired Chief ( Old Monroe Police Department, Missouri & member of LEAP (Law Enforcement Action Partnership)

  4. Think Tank 1210pm select committee


    Mon, 27 Mar 2017

    Is an independent “select committee” necessary in the investigation of Russian hacking & possible collusion with Trump associates? This hours guest: Max Bergmann - Senior Fellow at Center for American Progress Steve Bucci - Director of the Allison Center for Foreign Policy Studies at the Heritage Foundation


Automatically Generated Transcript (may not be 100% accurate)

Or here's the reason for this show and bear with. How would -- -- -- shows about the loss of privacy. And it'd just seems like people getting used to be idea. The privacy basically -- over. Question is is that it won't raise the question raised in this hour. The other is hacking. Everywhere you look for a target Neiman Marcus here in the Christmas holidays. Forgive what -- sporty U. Seven email in some polite. Customers of targets in markers there. Personal information stolen big brouhaha about it whatever and here's the leaders one that caught my money here and in BC -- think it was last week. Brian Williams warned that the reporters. Reporting from salt. And what they do it. He presented. A story where he had bought to bring new Apple Computer's book for. They went to Russia. And he brought an expert with cyber security with -- him from what they did they downloaded. All of this information that there wasn't corrective provision that they've loaded the computer row with the information. They kept the reporter's name but none of it is. Officials dot none of this identity that could be -- -- But a lot of seemingly professionals -- on the computers. And the story was. We wind too socially. And we went to a coffee shop. And we opened our cellphones and then we went back -- the room. And opened the computers. Though McPherson played via -- -- sound bite that he says what happened cut of one please mark. I malicious software hijacked our phones before he even finished coffee but as far as stealing my information. And giving hackers the option to. And Michael Paulson -- illness. Your mind financial security and my physical security yeah depending on who's listening. And then he gets into. What they've come on the go back to the hotel cut to. -- at the hotel where it was using special. Software to monitor my two computers and that's and sure enough -- they -- also being hacked but you were able to. Oh yes very very quickly if somebody was. Exactly if it had taken hackers less than one minute to pounce. Within 24 hours. They broke it took both computers and started helping themselves to my -- -- where's this information don't -- -- computers in particular the traffic is actually going to serve with in Russia. A year ago a lot of shows on crossed. When you hear the tone of that which was a little bit tiny hysterical. And -- whom I couldn't issues so she -- -- and or your provisions -- but never a Russian veteran that make sure you've been important countries. Well this morning I get to do follow book reading. And this is one of many many many reports that fine. Researchers at Trend Micro. Researchers. And run out of security. Searchers. Are true and my crew I mean. Suit -- them. 11 of the company in regards to reader and companies and these. And they say. The report was edited in a misleading way in the implications were overblown. In -- wasn't in and so he was in Moscow. Thousand low to way. Mal Moore was only downloaded to the reporters devices. After deliberately clicking on this saying kind. Now we're relieved and believe that -- won the world knows who board. -- securities and the story was a 100% fraudulent. Sure it was simply reminder not to click -- clearly hostile web slight edge like the big Olympic sites that -- visited. Absolutely zero pursuing the story was about turning on a computer and having your permissions to. Could've happened -- support page that caught my could have happened anywhere. And and -- happen to own brand new device without -- -- so much talk. Talking about all the stores red over the last couple years of how acting -- currently prison during an act. Nuclear power plants are packing our military. And as soon as we hear one of those would go well actually you know it's encrypted. And they couldn't really bring the encryption although they did -- into. -- -- roll it in this day has developed a plan where where they can hack all inscriptions. On that actually because of ABC. So it becomes a thing. Who would trust what really going on. Is there acting. Isn't just an aggravation. Or isn't a major problem or is it the national security threat. We thought we'd talk to cope with the experts we have more closed principal partners. Simons and white mark welcome to show thank you -- the coveted encryption. And Joseph Silva digital forensic expert and managing partner Bible for. In six land. Pretty impressive digital forensic expert. I'll also I'll start with -- did you. A London. And what I'm trying to understand is this something that threat to all of those actions accurately. Big issue ours is something we've just got to learn. Line it's. It's certainly malware and and cyber attacks are certainly things that are happening you know that's that's not debatable we're seeing it happen all the time. But is it to point to where you are are gonna go on a coffee shop we're gonna turn out to open up our laptop automatically were just you know -- entire financial information is going to be stolen. I think that's a bit overblown just. But you know cyber threats are real they are. -- Well yeah I agree with Genoa on the problem I think that most people have is that -- I don't think they're doing enough but they're due diligence. This test to be a constant. Procedure that businesses and and and individuals need to continually be aware because I think frankly that hackers are always looking for that competitive edges they say. The developing new software to crack encryption codes are doing all kinds of things and he CRV scifi movies and all these different things are going on with the thumb -- I -- -- finding a way around it so we have to continue to do -- due diligence. In it and I think if we do that. We're going to be better prepared and going to be it be better prepared. Make sure that our information is protect. -- particular groups that break it won't come back and get more news on hacking prevalent out dangerous war. Is -- just the new technological world that we're -- defiant way it was. Look at your small business out there in particular. And a -- in Poland -- in pursuing. Anybody with questions or comments Gibbs call 26018726017. Told three -- anywhere in the country 866. Dollars and zero he said. Are we're whipping about hacking begin about Internet security credit card security based on what happened target Neiman Marcus. And a bunch of other retail entities. Around the country. And and everything that brawl -- and we also spotlight and b.'s report from Sochi. That Coleen did the minute they open their computers and cell phone boom everything got strong. About currency and that -- Mark -- principal partners though is it's inclusiveness in the senate and white citizens avoid. -- serial digital forensic expert and manager partner Bible for instance laps. -- wouldn't. Torque and in the -- Portman who Neiman Marcus. -- credit debit cards stolen seven million all of the records with personal cause -- Came a little bit later stolen. In in table Switzerland. For the the big economic political. Meeting. 12 year. And it's the most powerful political -- actual people in the world. And this was a big issue with and they basically came out and said. You know we're ripping conservatives. -- the government ordered cultures accurately on an island. It. All of this that's going -- with acting. Cautious about five cents for every hundred dollars spent a credit card so. Really not expedient to be your thoughts. Does does that mean. We're just never again have really good security with a computer -- personal information. Carl and I think the -- they're valuing the dollar spent in terms of the risk in terms of them actually being hacked into. And I think. At five cents per under dollars I think they're willing to take that risk that the dollars. Aren't. That if we spent any more than that it's -- when I can get the return our investment so. I think. In Joseph talked about this earlier look -- -- or off the air there's a balance in terms of what you spend and the value of that investment and what to return as. But Alex take a scenario such a lot of people have insurance and the house I mean. That one time it could happen a year house can -- down and if you're not covered then you're really gonna suffer the consequence of the. But we do -- never talk about this earlier it's like also saying why do you have insurance sooner house on Monday. And you check on Thursday and -- at a time element -- incentives the constant drug review of going back when there's not a problem. To make sure there isn't. Yes and I totally agree with the other and it's the time value that you have to put in to protect your assets. He just pay insurance one time and you're down with -- -- to continue to update in a monetary and make sure you get covered -- whatever maybe you're right. It is real blonde boy for -- so that we think what's the. Joseph wouldn't. Well my thoughts as the one of these. And it's debatable whether it's the simplest but one of the most effective security measures you can take -- and corporate environment. If you need to have that executive by the people at the top have to care about security and they have to care about their customers' data. I have no idea -- it. Targets says security budget was before back in almost guaranteed it now they have been compromised and it came such an international media 100 million. Announced that while that's a huge cost. But I guarantee that the budget is is is now more a lot more than it once before because it start to affect the bottom line. Does the actual threats the actual threats maybe you know five cents to every hundred dollars as -- said. But the procedural. When everyone else in the in the world knows they're not secure the start using that trust and their clients and Monday they go and it's very reactive security needs to be proactive as well. That exposure. To target had. And the negative press that they got. I can assure you that every. Organization corporate America is reevaluating their network security and security requirements in terms of protecting -- and I bet. That everyone has gone -- oh this could happen to me I got to take these measures are gonna make this investment. Because they don't want that explosion targets a meeting people or not I'm not going to target and I've heard that over and over again people. Affect my my credit card was comp was compromised and they sent me into my money credit card company that she sent me a new credit card fees and costs without. Pretty sure it was them that well I said that my car was used in the target and -- they reissued -- canceled -- where we are so near -- ports afterwards. A lot of teaching equipment divisions. That we -- and it. Well when when we. Look at all of the targets in the groups than a hundred million. Or they're bulletproof -- Oh absolutely. Now on will be bold approach. Are today you know and it determined enough attacker given enough time and resources is going to be able to get into anything. However the idea is it is to make it hard enough for them to. Not make it worth -- -- you go somewhere else took. But -- like you said you've you've heard people would say they're -- shop at target anymore Alexis like people saying I'm not gonna -- gulf trap while we now have the most. You know checked. Seafood in the in the world after the of the oil spill. Since that would target target security is probably most one of the most watched network for right now in the world so is it not safe to shop at target. I would I would say it's probably more safe to shop at target and it is most other it is. We're we're going. A gun shows. That was complete years ago where. The Chinese had hacked into the Pentagon and many computer war frame. And sat there and watch what we're doing and brought in Afghanistan and I think it was almost for two years. Where -- you would do we ever get to a point of no return or a point where people are so punch drunk. They're afraid to use the devices sources just something we skeletal living in a war zone you know heavily towards. Well. And LT cadavers gonna come to the fact that people aren't just -- user devices I just think people are gonna become ordered diligent about how to use them what security measures and take. Could you don't want to happen use so. And I'll say there's there's so many different levels of security. And there's a cost associate with a very low level going all the way up to the top -- he could spend millions millions of dollars and Natalie. Quote unquote he be one of the last people connected to. On the Internet has caused a information flow to access to everybody I just think is the corporate America needs to just do their due diligence. And have those tools in place to continue to -- an hourly even a daily basis to make sure. Hackers there it for the fun they're not in it for the money it's -- eighteenth of that. There are always looking for ways to be able to give -- the corporate America. And in Garland security awareness is also an important thing you can spend as much money as you want on on technologies and vendors might tell you. Yes if you buy this box plug it in your network we're going to be able find all the actors. But if I can still walk in two -- your office and talked to a secretary and say oh I need need proud arrest and make you please bug issues -- stick into. And -- computers she doesn't know any better now I already have access into your network and a lot of times. People will fortify the outside their networks but the inside of an -- is is why -- that. And that's seems to be the case here what happened with target there's a little bit -- details coming out but it seems like they. Got in through. Third party vendor and then once there and -- network they were able spread lottery through both the financial network and the regular hard. Will combine -- let's talk about that steps that we use that people should be thinking port security. Are owned small business looking at. Was a report here it's not just hacking threats of big business small business facing a big problem. Come right back give questions your comments we're talking about -- were talking about. -- businesses permission personal information call comments questions. 200187. -- told free country it's exit aided -- zero heats up. Are welcome back where where they -- about hacking thing about our concern about privacy of Internet world today. And we've we hear all these extraordinary stories to be in its today. Hacking and two. Our information. Foreign countries. And then lately and we get the target Neiman Marcus -- on. So well what we're trying good news is trying to get better handle on. Is this the threat is it a big threat or is it something that's kind of an aggravation in the can be managed by certain thing. Or as little threat at all we have Mark -- with -- us. Prince will pardon them Simmons and white and Joseph sell digital forensic expert and manager partnered -- pour it into excellent. Mort you you assume what you look up do what they've got -- or a regular basis take the steps to protect themselves don't tell me give an example what. Well you know obviously. At your home user. He you want to security software and there's just -- to an in -- -- to speak more to this but they have some sense of Lotta times remember told a story earlier went after Katrina I went to a Dallas. And I didn't have Internet access so what I did is I drove around the block and look for an open network and a house and I found one Monica on the Internet. So cloud times people have a network at home but they get their -- -- their routers are wide open and it's not security enabled that's one method of protection just taken simple steps. Changing your password on a regular basis and not using pass from one which seems to be common password a lot of people use. Changing the password on a regular basis. There's different levels of security oh that -- functional point that he can have. Who put your password in but then again you got to answer some security questions so there's a lot of simple things and and -- can get more into them more. Not complicated but. Born in depth things that the individuals and corporations Keyes is he's been in east totally involved. All we aren't. I'm sitting home all I use my computer or is to have. To research with the show that you get down on the Internet through your network great job you have -- as a sort of mean what I am using force seems to me -- Barely do his or whatever so my my point being. If you say it should change my password on regularly and make it. Work. I've tried that and opposed to cards in my studio with a written. And then I'd actually go wrong with a computer -- good -- -- the computer expert combined. And you'll leave that up at all. That's a book put in my wallet know. Somebody get to a ball and -- -- what can they do all the several servers and you can get on that you give it to him encrypted. -- didn't -- it that they get fifteen million that there are things -- when they send me an email saying pay. Call us back -- get everything fixed target at all that I need to pay elsewhere to get in that I don't have quickly gave it to them I can't put him a wallet. Can't bordered on the door. Afraid descended -- though the company they'll get hacked again. What you say sounds simple -- do it gel with the U. As necklace and I Kenya the expert again. Security is always bounce its way in house security are and how usable it but it appears. But where would grow to. I mean. You know I kind of disagree with the with the earlier advice of not putting it in your wallet I keep. Mean my driver's license my credit cards everything else at their door are important to me in my wallet I know to keep my wallet secure. If you're physically having a card. In your wallet. Someone steal your wallet okay they have your password but it would still need access to your computer analog and it's sort of a fourth two factor authentication. So is much better to have a complex password that you might have to write down as long as you can keep secured your wallet separate from computer. And it is to -- have a password as password to remember it disappear after he and there's no passwords and and they did wallet and change. Or just like you lose your wallet united artists. New credit cards -- anything you take credit 'cause he put him in a while news and right. Who room. So it's the same thing I told Ria community but what. But if you lose your. Wallet usury credit cards. The direction more secure because your password goes to your computer and therefore there and I can have access to computer but here -- you financially you're going to be in trouble. All right but it isn't true for -- Q you mentioned the term for a book with me. All internal threats are you know you're insider threats salute anyone who has some sort of access to your network because they're supposed to with the media client they may be employee. It's going to be much easier for them to gain access to company data may be because simply they need access to that data to do their day to day job but to stop these people from actually maliciously. Act. Accessing that data. Is it way more difficult than to stop an attacker from the outside -- zero access artists dispersant happens to be disgruntled -- happens get paid off by the right person. You know maybe they can just go and log into the database. To your credit card numbers and and delete to lots of the system isn't set up properly audit that. And it's actually very hard problem and you know that's with the NSA was recently at which -- Aren't. Take another break coming right back. We're thinking about hacking thing good about your loss of privacy that you or loss of identification. There are lots of power personal information is a big problem medium problem is -- -- -- small. Go Diaw comes right back into this thing tonight. Are welcome back were whipping -- about -- acting whipping him. Loss of privacy. How secure all these electronics and we started us. Because there was in BC report lists so she's obviously coats on chiefs of those. Thing. By one million -- -- reporters should just -- -- -- general. Brought in to computers will bring you reload the false information. With my name and when dumpsters -- got to tell. And we clicked into war. Cell phones and all the information -- slow and we'll open everything's so you know the computer. And the bottom line is there anybody that comes -- -- gonna have all the information so. I get it this morning to do little homework in a -- in three different reports from security. Companies that say that was a false report that's what they say here two things a couple of it could have happened in -- And happened to a brand new devices without old C update I'm I'm sorry or else updates. We have. With the with the support troops you'll. Digital forensic expert from bubble we're in excellent quality isn't -- as -- It's their operate OS -- operating systems. If you happen to be running win dues or Mac OSX. They will be after that software ships do you there may be security vulnerabilities that are discovered. They're automatically updating facilities summer less automatic and others you might have to click a button and say go ahead and update me. That will patch those vulnerabilities that make you no longer vulnerable. But as soon as a vulnerability is is found and it's and it's out there people -- -- actively tried to attack that. So they can attack your computer in the window of the time between. When the vulnerabilities discovered and when you pack your computer so the longer you go without patch -- computers the more at risk you are packing your computer copper. It's what we almost every time I open my computer parts of unity and OK it was -- so I clicked on. I don't show that probably about a year ago talking about loss of personal situation -- in the -- -- -- finishing. -- -- -- There's and there's no passing Mario. Pardon there's there's no patching up Patrick fishing rights it's it's it's a human perception you also need to be educated and I mean Bono look at the things that you need to. One of the -- that route. It's. That's difficult president. Where -- all -- who -- these computers. Even what the Ph.D. in computers if you're not actually getting in there and digging into it yourself looking -- it it's it's you know -- myself cannot cannot. And that's by the Obama put it. Just think that's good for. Let's say we don't get duke university in the that if we did make an audio. And we hit a couple of they're pursuing -- all of our information stolen and tomorrow. What happened you -- perception. Not the real. The perception. Good friend of mine who is highly educated at a law firm he carries a wallet with some kind of a little line around it. For fear they -- walked past the coffee shop and somebody is do you lose information. -- -- -- -- -- Can we reassured that calm. Things are not that just -- settled down and do not what you. I think Garland there's a certain amount of sensationalism. In these reports that get people feared. And so. I think it's a little at it's blown out of proportion in some instances I think the real. The crux of the matter is. We needed to just be aware and do our due diligence. And take -- necessary steps that we that are simple. And if you wanna go up to a higher level you certainly can do that. Take does not necessary steps to protect ourselves and our data both at the corporate and individual level. I don't think it's to that magnitude that you know having. Correct me from Rondo but having led around your wallet so. That doesn't advocate -- that's probably over the edge. In in an essential unless he's got something that is just unbelievable and valuable that -- don't want anybody and he should have I'm in the first place. So I think those are. -- -- -- Yes. That some people use these with a call RFID shields on the ballot and and and the reason is that sickness and in to a credit cards are having this functionality where you don't have despite them being go up to the the gas and just touch it to them. And and automatically transfer transmit the information. But now we're taking information that's he was once and -- on a card and wirelessly transmitting it sowed fear there issue gonna walk you walk by someone can brush against you. Don't -- -- to close enough that they can read your credit card information about how to haven't actually take your wallet. I'm going back to the other point. People. Have been perception of okay now online shopping is is no longer safer swipe of my credit card at the stores no longer safe. While the the reality is. Buy it for these vendors to be -- have. The functionality where there's like in the cards and a half to. Follow certain compliance which means they have to have a minimal amount of security. Now compliance doesn't necessarily mean that they're secure but there at least having have a minimal amount of security. I don't think anyone here has ever had a problem with paying with a credit card rash rot where. You know server who's who's making less than minimum wage is walking off with your credit card out of sight could be easily topping on your credit card numbers. People. Understand that yes it is a risk but it's convenience and its convenience we've learned to live with and I don't think people are gonna start going back to cash. They'll put up you know come right. Our tour gifts because -- the purpose of the show was fun and out of hacking is that big a threat to -- we assume at that point we're saying not that big as long as -- Yet that's a really good point Garland is just be vigilant about it some of the stories if you think it sounds a little questionable you know. They investigate that with the NBC story about it on automatic -- of computer and getting into the phone that's not true. -- it and little and go to each of good soon no doubt that turned the text on. Lot of groups and how to -- hold these people from do you personally. More willing to tell -- first what to do. Nice to run Louisiana technology council for the love we used to do events and Homeland Security some very passionate about making sure people are secure but right now a partner at the business management consulting firm Simmons and white. We help companies with extraordinary business challenges -- growing very rapidly but just can't get to another level. Obvious security issues -- they have financial issues and and companies are doing very important Collison we come in and then put some strange place to help them become. Better in terms of prop the profitability and revenue will. I'm the managing partner of five -- labs and we -- and a number things digital forensics in instant response so that range of digital. So digital blood dead bodies. It is not dead bodies on the computer access. It's more of if you think someone in your organization though are is committing a computer crime that we can come and and and figure electorate. And it as well as we do -- there's also wouldn't personally work on the target but if companies like target pact would come in and figure out what -- -- -- with the attackers -- how they got in that sort of thing. And as well as we do -- testing so it's -- -- Proactive as far as we can comment trying to actually hack into your network using the same techniques and figure out whether or not networks secure. -- questioned should we worry about the the government with the big either collections that they do philosophically I'm -- about it but. Winning those. I. And -- -- elected -- potential. It has a potential for risk but it do I think that the US government is spying and me personally -- but do do I liked the idea of the US government having carte Blanche access over everyone's data at all times going on any network that scares me. Mark through the. I agree with town non. You know there's so much information out there that the government access in the united has really opened up the world to information. That get scary sometimes and certain people have access and we'll do all they can hurt people. Including the even the government trying to spying on people when they really shouldn't mean there's a concern for that and we need. We just need to protect ourselves again and I just emphasize everybody. Do your diligence. Make sure you do that -- it's very important things to keep your data security keep your life to care. On your privacy is is not as private as it was 1015 years ago and -- figure things any -- Learn -- appreciated. Tell him in the expertise that definitely learned something. And we do. Technology shows a regular basis. So what commitments to those mortgage and the you've got -- absolutely combat -- big -- thank you certainly allele and.