WannaCry 2017 Cyber Attack: “It’s like using last year’s flu shot for this year’s virus”

In response to the WannaCry cyber attack currently hitting Europe and parts of Asia, Tim went on the Ron Jolly Show on WTCM NewsTalk 580 this morning to chat about how you can stay safe. Click the link below to listen, or read the transcript below!

Tim: [about updating new software] At times, it’ll break other stuff, and you may not want to because it might make some other piece of software not work. And then you gotta go back in and fix that and you think aw the heck it’s working, I’ll leave it. But you don’t want to do that.
Security is layers. It’s like a flu shot. And you wanna do it. Last year’s flu shot won’t help you this year. So you gotta keep things updated.

Ron: Now, what do you do for your clients to help them avoid this? Is it that simple? Is it making sure they do their updates? What kind of things do you recommend?
Tim: There’s one other layer that’s a really critical layer. So, this particular one [ransomware] is kinda new, because this one ran this kind of an exploit without any user interaction. That’s what’s made this one quite different. It’s why so many hundreds of thousands were affected so quickly, primarily in Europe, so far. Now it’s starting to hit a little bit of Asia, not so much in the U.S. so far.
But what’s always been the issue with ransomware is when you click on an attachment in an email, and that runs a piece of software in the background, and that’s what starts it all.
Ron: That’s how it gets into your computer?
Tim: Normally, yeah, but not this particular one. This particular one came in through an exploit in the operating system. So if you were on the internet, you could be exposed.

Ron: Ok.

Tim: Normally, up until this point, it’s basically been that the user makes the mistake. Someone gets an email and thinks, ‘hey, it comes from Ron Jolly, it must be okay’. But it didn’t come from you, it was spoofed to look like it came from you. I double click on the extension; maybe it’s from UPS, we’re trying to ship it, here’s your invoice. You think, “I don’t know what this is but I’ll open it and see what it says”. And then in the background, quietly, something happens.

Ron: Oh boy
Tim: So you should be extremely careful when you’re opening up any kind of an attachment in an email.
But, for this particular attack, you need to stay updated.

Ron: Are Mac computers as vulnerable as Microsoft systems?

Tim: No. Well, not – the operating system is just as vulnerable. They have had their share of attacks, too. But if you’re a ransomware guy and you wanna get money, you’ve got somewhere along the lines of 30-40 to 1 of Windows-types of PCs out there.

So your actual payload is – you have a much greater chance of making real money.

There’s fewer Macs, and that plays as much into it as anything. So the virus guys won’t go as much for Macs because there’s not as many people using them, for operating systems.

Macbooks, Macbook Pros, that kind of thing. They have their own problems, although they’re not as bad as Windows, I have to say.

Ron: If you do get a ransomware attack, other than paying the ransom, which doesn’t guarantee your files will be freed up, is it like a virus, where you can bring it to a guy that fixes computers and have him do it?
Tim: No, it’s not like a virus. It actually encrypts the files, and if you don’t have the encryption key, you don’t get your file back.

That’s why the backups [are important]. We have to restore from yesterday’s backup – or, in our case and like a lot of people like us, we do backups every few hours. If someone does something at 2 o’clock, I’m able to get the noon backup and do a restore from that.

That’s why, again, there’s another layer. Backups are a layer of security protection. And having many backups a day are a layer. So all that helps.

Ron: Make sure your updates are being updated, your Microsoft security essentials or whatever updates, and if you’re a business and you don’t have an IT person, even small businesses, Terrapin Networks, with Tim Gillen, specializes in protecting you from this kind of a thing.

Tim, we’ll catch up down the road, but thanks for your insight here today.

Tim:  You’re welcome, my pleasure, thanks.


Breaking Down the Congressional Rollback on Data Privacy Measures

Breaking It Down: Making Sense of the Privacy Measures At Stake with the Current Rollback of ISP Regulation

Confused about the new Congressional rollback measures regarding privacy laws? Tim was a guest on WTCM’s The Christal Frost Show on March 30th, regarding just that. Where the old law meets the new law may be a little difficult to understand, but he lays it out in a clear and easy way so you can be informed as to just what’s at stake here. Click the above audio link to listen, or you can follow along with the transcript of the chat below (edited for clarity).


Christal: Now, if you heard here yesterday, we were talking about this whole deal with the privacy rule. Those ‘pesky old’ privacy rules are gone now, and Tim’s going to explain just how it actually will affect you.  How will it affect you? Will those companies actually sell your personal data?  What does that mean? Are they going to come up with an excel spreadsheet for every time that you ever searched for anything on the internet? Well, Tim’s going to give you an example of how it’s really going to affect you. That’s coming right up, right here on WTCM NewsTalk 580.

(music interlude)

Christal: NewsTalk 580 WTCM, Thursday March the 30th! You know what, Tim Gillen is here, with his cowbell, because you gotta have more cowbell (laughter)

Tim: More cowbell. More tech bell? More techy cow bell? (laughter) sorry about that.

Christal: Well welcome back to the show, Tim Gillen.

Tim: Yeah, good morning!

Christal: Tim now joining us from Terrapin Networks. Tim, I always feel like I’m calling you in a panic. I say, “Help! What should I be afraid of!? What should I not be afraid of when it comes to the world of technology!?” And some things have opened up, as we have opened up. There’s an entire world! I can reach out and touch somebody “cyberly” in a completely different continent. It’s amazing!

Tim: Yeah!

Christal: But what happens to your data history? What happens? Who knows your cyber footprint? And is it for sale? Now, this week, we’ve had a lot of people who were really afraid, who were up in arms because those privacy rules that were supposed to be going into effect at the start of this year, well, they were kiboshed. I mean, no more.

Tim: That’s right. Well, they’re being rolled back.

Christal: Rolled back

Tim: Yep. And actually, the way that they were rolled back is under what’s called the Congressional Review Act, CRA. Which means, now, the FCC can’t bring them back up again. So it’s actually kind of a big deal. In 2015 at some point, the FCC, under the Obama administration, was making a push to make internet connectivity, i.e. the broadband carriers, to treat them more like telephone companies. This was what’s called a “common carrier”.

Christal: So, broadband carriers; those were the people that like, if I click on Internet Explorer, is that my ISP?

Tim: An ISP, “Internet Service Provider”, is a broadband carrier. That’s what they are. They’re providing internet connectivity to your home, to your office, and actually to your telephone, really to everything.

Christal: To your life

Tim: Yup! And they go back to backend trunks that have, whether it’s AT&T, or other really large companies, that provide the real backend stuff. As a matter of fact, you may remember,  after 9-11, one of the big issues on the business front was the bottom of one of the towers was a massive data center. All the internet connectivity that came into New York City, and all around there, came into the bottom of that building.

Christal: Wow

Tim: And that was a big deal. The idea of the internet, of course, is that there is structured reliability, structured redundancy, kind of like the freeway system. If US-31 is closed down, you can still go around it,

Christal: You can renavigate

Tim: Exactly. Which was the idea of the freeway system, to help people evacuate. One of the large core things, besides the commerce part of it, like making it easier for trucking and goods and services to move around the country, was also to be able to evacuate cities in the event of nuclear war. That’s what it all came from in the Eisenhower administration. Kind of an early advent of the Cold War. And in a way, that’s what the internet was all built around also, was to give the ability for the Defense Department the ability to always communicate. Same thing, if one city has a nuclear attack, then the data from that one city can be routed around. And we would have structured web of redundancy.

So! That’s overkill, I suppose, sorry about all that! But that still kind of explains to us all what’s happening here.  The broadband connectors, which are to us, as people who have homes and businesses, are referred to as the “Last Mile”. You and I specifically don’t talk to this “trunk” that’s routed down to Grand Rapids then hops over to Chicago, hops over to Denver, we don’t really understand all that, and don’t need to. The “Last Mile”  is the connectivity that comes to us from Charter or AT&T in our neck of the woods, and 183Networks and some of these folks who are doing it locally, or wirelessly, that’s what is referred to as the “Last Mile”.

Christal: Ok

Tim: And so, that part of things is really what we’re talking about, primarily. Those carriers, AT&T, Comcast, Charter, Spectrum.

Christal: And your phone carriers, too, are now offering.

Tim: Well, the phone carriers too, but that’s Voice Over IP, so that’s one of the pushes for why they [the carriers] wanted to move. So, let me jump back one more step, so in 2015, all of the broadband carriers were regulated through the Federal Trade Commission, the FTC. And that was one of the first things to happen in 2016, was to declare them common carriers, all the ISPs, the broadband and connectivity providers to your home and office, and move them over to the FCC on the regulation side. So that they would be regulated more like telephone companies.

And this was kind of what net neutrality was all about. To open this up, across the board, and not allow the broadband carriers to give a discount to Netflix, or to charge Netflix more.

Christal: Ok, so that’s where that was born

Tim: So that’s why Google and all those guys really wanted Net Neutrality, they were all offering it from a standpoint of ‘freedom for all people’. Because now, in some parts of the country, 15, 18, 20 percent of ALL internet traffic is from Netflix

Christal:  Wow!

Tim: Because they’re streaming videos, which take up a lot of data.  Google gets a lot more activity, Facebook gets a lot more activity, but it’s smaller activity because it doesn’t take up as much of the “pipe”, if you will.  It’s kind of like a hose, where only so much water can go down it; that’s a really simplistic way of putting it, but that’s sort of what’s happening.

And so, by moving that over there the FCC had a chance to start doing regulation that’s very different. The FCC tends to regulate “pre” stuff, where the FTC tends to regulate “after”. So the Federal Trade Commission comes after you if you are deceptively selling, and the FCC goes after broadcasters to make sure they’re not deceptively selling in the first place.

Christal: Ok, so prevention, and the other one is…

Tim: Preventative and proactive. After the fact and before the fact, all of it.

So, with the FTC, as long as you had some kind of an opt-in, as long as I told you, “I might sell your data”, and/or they could regulate to give you an opt-in, or, I should say, an opt-out; if you don’t want it, click here.

Christal: Mhhmm

Tim: The FCC will start to say, “No, we’re gonna make that so you can’t do that in the first place,” And that’s what’s changed things.

Now, one of the big uproars here – the reason that some of the Republicans put this through, to give you their side of it – was to roll back the implementation of these regulations. Keep in mind, at the moment, nothing has changed. This was all decided in October, just a few months ago. This wasn’t decided earlier in any administration. This was kind of a late term thing in 2015 and then late 2016, and the idea was to put these regulations in place to come into effect this coming December, in 2017. At the moment nothing’s changed and all they’re saying is, “We’re not gonna have these take effect in December”.

But here’s the point of it: Google and Facebook and those kind of content providers, because they’re not this underneath backbone broadband provider, they’re after the fact, so they’re regulated under the Federal Trade Commission. So they get to harvest all the data that they want. And, of course, they really wanted to get the broadband people over to the FCC side, because that gives them almost  exclusive right. Because Google and Facebook, just to use those two, exist purely to harvest data.

Christal: That’s why they exist

Tim: Yes, that’s why they exist. And the broadband people, frankly, bluntly, want a piece of that action. That’s what they want. “Ok, all this traffic’s going over our wires, why can’t we harvest some of that and sell it, too? This is a money train for Google and Facebook, why don’t we get some?”

And that’s kind of what’s happening here. The broadband infrastructure providers, Comcast, AT&T, started buying up some advertising, data harvesting type companies, because they wanted to start grabbing your data and start selling it in the exact same way that Google and Facebook do. And now, of course, they’re under this regulation coming up that says, you can’t do that. And they were screaming, saying, “Wait a minute, that’s not fair.”

So when you hear a wonderful politician saying, “oh he’s fighting for the people on this,” which, of course, that’s what they all do, we all know that, (laughter) but that’s the whole point of that. Is to say, well, these guys should be able to, too.

Now, there’s a fundamental difference, of course. You willingly go out to Google, you make a contract with Google and Facebook, that says, “Yeah, I’ll use your search engine for free, and if I look for mattresses and I see some ads for mattresses off to the right, ok, I can live with that. It’s not exactly intruding on my life, really.”

Christal: It’s an agreement we made to them

Tim: It’s an agreement.  It’s a very specific agreement that we made, but most of us make it implicitly.

Christal: Sure!

Tim: And Facebook, of course, does the same thing.  Well, the difference is, the internet infrastructure providers are just a little more like air! If I just use the internet; they know everything I’m doing, every email I send, and where it goes. That’s a little bit different.

Christal: This is where it gets creepy.

Tim: It gets creepy. It’s a little bit different. And their ability to harvest real deep levels of data about your life; for example, they will be able to do a much better job of actually tracking and selling the kind of sites that you go to. Which, Google can’t do that.  So, if all of the sudden I’m going to a bunch of sites that talk about cancer, now they have my health information. They can track it down to what kind of shows my kids watch, and sell that.

Christal: Wow.

Tim: Yeah.

Christal: Is there a scenario where they could sell that kind of information to, let’s say, your insurance provider?

Tim: Absolutely!

Christal: Wow

Tim: And that’s what the very legitimate fear is, that people have. We say, “Oh, well, nothing’s changed”, and it hasn’t, but it was lousy to begin with. And only in the last four or five years have the broadband providers moved into this space, to try to start harvesting this data to sell it. They finally got around to thinking, you know, “Google and Facebook are just killing it, we should be able to do something with what we provide!”

Christal: And they can provide much more specific data.

Tim: Yes; much more specific, and much, much broader. Because they can tell when you’re getting up in the morning, and they can tell when you go to bed at night, and now they also – keep in mind, how we’ve talked often on these shows quite a bit, about the Internet of Things; your thermostats, your freezer that might be an Internet of Things, you know? The kind of thing that frankly that Google does not have the same kind of access to. Or Facebook doesn’t.

Christal: So there’s some real red flags to this

Tim: Oh, there’s real red flags.

Christal: Which is interesting, because I’ve heard people say, “Aw, it’s not going to, you know, affect you at all, it hasn’t gone into place”, but it really could!

Tim: Oh I think so. Actually, I can see the argument against moving the broadband providers from the FTC to the FCC. But this, there’s no doubt, this gives these people just ridiculously unfettered access. And now, because it was done within the Congressional Review Act – what that means is, because the Congressional Review Act was put in place a long time ago, as a way for Congress to, when – keep in mind the FCC, the FTC, we hear a lot about this now, with the Trump administration and with the Obama administration’s executive orders, they’re all part of the executive branch. So, they’re not legislated directly. They make their own regulations and they’re not overseen by Congress. So, the Congressional Review Act says that they can look at regulations that are made by these bureaucratic functionaries as part of the executive branch, that are underneath the president’s administration, and that Congress can say, “That doesn’t fit the laws we’ve made, so repeal them, roll them back.” Which is what’s happening.  Now, sometimes all it takes is an executive order, but sometimes, the FTC, or the FCC, and some of these, even the FDA, actually have the strength of law that the president can’t just undo with an executive order. So the Congressional Review Act, then Congress, can come in and decide, “We are gonna roll those back”.

Now, the problem is, the way that that law was written, is now the FCC can never touch it. The FCC can never bring it back up again. The only redress of any kind is through new legislation.

Christal: So there’s a lot to be worried about.

Tim: There actually is. You know, I don’t like it.

Christal: And you’re not an alarmist about these things.

Tim: I’m not an alarmist, but I don’t like it.

Christal: So, the super ad train, or the superhighway of ads as I like to sometimes refer to Google as, it seems a bit innocuous. It’s like you’ve said, “Ok, I’ve made this agreement with Google that I can use it as my encyclopedia, and look up everything that I need, and therefore you’re going to see what I am searching for and send it to advertising companies”.  But this seems a little less innocuous. It seems… honestly, it’s alarming.

Tim: And it’s also… I’ll get slightly alarmist here, in a libertarian fashion, but it means a lot more data out there to be harvested. And now, if they can sell it to corporations, I would think the government probably has access to it, too. And so now, there’s a lot of social issues that might be coming into play here. If you’re buying ammunition or looking into guns, what kind of a red flag are you putting up?

Christal: Sure!

Tim: If you’re searching something on sexual abuse, or child abuse, what might you be searching for? Why are you searching for that? It might be for a report, it might be something you’re involved in, like a non-profit, like with some stuff that I know that you’re a part of,  or it could be something more nefarious. So if they have this information, maybe they might be knocking on your door. And that starts to open up a whole… I mean, it just changes everything.

Now, I’m one of those that thinks: all that might be fine if it were structured through a very specific opt-in. I should be free of it unless I agree to it.

Christal: Sure. And that’s not the scenario right now.

Tim: No, not at all. Or the scenario, right now, with Google and Facebook. And with Facebook now, this is with FTC regulations, it’s actually easier now to go into your privacy settings and turn off a lot of that stuff. It’s not that difficult. And it’s not that difficult even on browsers now. All that stuff was done through FTC regulations. Now it’s not a specific opt-in. It’s not that you’re opting out unless you agree to opt-in, but it’s still much simpler to opt-out. Those are FTC regulations that say ok, that’s fine [to have privacy setting], but you have to make it so you don’t have to have a PhD in technology to figure out how to turn this stuff off.

And that’s why, if you’ve noticed, with Facebook, if you go out to your privacy settings, it’s actually much clearer.

Christal: It is!

Tim: And that’s not because they love us, they’re Facebook. (laughter) It’s because they were told to.

Christal: That’s because someone told them.

Tim: Yeah. And if you’re gonna use the infrastructure that the government has created for these broadband companies, you’re gonna have to do this. And that’s what that’s all about. Which I happen to be in favor of.

Christal: Well, I would say so too. So this is not, I mean, you have people saying, “Calm down, nothing has changed”. Really, there isn’t anything that has changed.

Tim: That’s a fact. Factually, nothing has changed

Christal: Factually, nothing has changed, but here’s what we now are going to expect.

Tim: Yeah. All this did was actually shine some sunlight on what the intentions of the broadband folks really are.

Christal: Wow. Well, thank you so much for shedding that sunlight, even though it feels a little shady in here! I don’t like it. I mean, I have that Libertarian point of view like, “No! No! You don’t get to know anything about me.”

Tim: Absolutely, me, too. Leave me alone, and we’ll both be fine.

Christal: Exactly! Well, thank you so much for joining us, as always, Tim Gillen from Terrapin Networks. We got the rest of the entirety of the story, and a lot of history there, thank you so much.




‘Small Fish’ Need To Worry About Data Security, Too, says Tim Gillen

Tim’s a regular guest on the Christal Frost show, and their discussions are always lively and interesting. You can listen to the entire segment here, but what we really wanted to showcase was the exchange in the audio file below.

It’s common for small businesses and regular old consumers (that’s you and me!) to think, “I’m too small for a cyber thief to target me. What do I have to hide!?” The answer is a lot! It always makes sense to safeguard your data and secure your information, as Tim spells out here:

Here’s a transcript, in case you are unable to play the audio:

Tim: It’s something to keep in mind; the way things have gone on with this is, the conversations we were having years ago with large corporations. The bigger fish are tying stuff down pretty well [in regards to data security]. Where the money is, is in the small fish. The small businesses, and people’s personal stuff. Because they think, “Ah, it’s not a big deal for me, I’ll let Ford Motor Company worry about that, or the local hospital, or Hagerty, or locally something like that.”
Christal: Right, but they have already worried about that.
Tim: Oh of course they have. That’s not easy pickings. Easy pickings is some small business, mom and pop shop, that thinks “this has got nothing to do with us.” But they could have 10’s of thousands of dollars in the bank, especially before payroll, and that’s easy to get to.
Christal: Right! So, here’s the deal. If you are in a scenario where you need some help, you own a small business, and even if you’re just looking for someone to help you with your own private home stuff, you could definitely refer someone. But Terrapin Networks, that’s the best place to go for small businesses.
Tim: Well, that happens to be what we actually specialize in. We don’t take care of large factories and stuff like that anymore. We do all small businesses. Because we have found it’s a real niche market for us. All the risks are so similar. And it’s easy to overlook at that level. So that’s what we’re able to do.


Which Cloud-Based File Sharing Service is Best For Your Small Business? (with chart!)

With so many options, which is the best file-sharing service for you?

It can be difficult to decide which cloud-based file sharing service is best for your small business. Deciding on the service your company will use is one of the simplest (yet important!) business decisions an owner can make; the file-sharing service a company uses impacts all employees. Cloud-based data sharing keeps relevant company data accessible to both you and your employees, while ensuring that all employees have access to only the most up-to-date files at all times.

But which service is best? There are dozens of cloud-based file-sharing services out there, and many cater to small business needs. We took a look at three popular options: Google Drive, Dropbox, and ShareSync (which Terrapin offers as part of its T-Cloud Services). Each of the most popular uses of the various programs is listed, including whether the service offers strong data encryption and MS Office integration, two of the most popular needs of a small business. Take a look at our chart below, and decide for yourself which service fits the needs of your small business best.

Which Cloud-Based File Sharing Service is Best for Your Small Business?

