1 00:00:00,280 --> 00:00:02,840 Speaker 1: Brought to you by the reinvented two thousand twelve camera. 2 00:00:03,160 --> 00:00:08,920 Speaker 1: It's ready. Are you get in touch with technology? With 3 00:00:09,039 --> 00:00:18,079 Speaker 1: tech Stuff from how stuff works dot com. Hello again, everyone, 4 00:00:18,120 --> 00:00:20,800 Speaker 1: Welcome to tech stuff. My name is Chris Poette and 5 00:00:20,800 --> 00:00:22,480 Speaker 1: I am an editor at how stuff works dot com. 6 00:00:22,480 --> 00:00:25,280 Speaker 1: Sitting across from me, as always, his senior writer, Jonathan 7 00:00:26,760 --> 00:00:31,840 Speaker 1: return to cinder address unknown, no such number, no such zone. 8 00:00:33,240 --> 00:00:35,519 Speaker 1: So today you're not phoning it in, You're mailing it in. 9 00:00:35,640 --> 00:00:38,080 Speaker 1: That's right. I have taken a step back. I'm going 10 00:00:38,200 --> 00:00:42,880 Speaker 1: even I'm putting in even less effort than normal. Great 11 00:00:43,840 --> 00:00:46,560 Speaker 1: that that will leave me to do my normal job 12 00:00:46,600 --> 00:00:49,839 Speaker 1: of going uh huh with a whole lot of silence 13 00:00:49,840 --> 00:00:53,159 Speaker 1: around it. Well, it will be a nice change. We 14 00:00:53,240 --> 00:00:56,760 Speaker 1: actually have a request that came in through Twitter. So 15 00:00:56,840 --> 00:01:03,120 Speaker 1: here's our tweet request from Luke. How did the epsilon 16 00:01:03,360 --> 00:01:07,479 Speaker 1: email hack work? Well, Luke, we're gonna break it down 17 00:01:07,560 --> 00:01:10,480 Speaker 1: for you. Um Now, first, before we talk about how 18 00:01:10,520 --> 00:01:13,840 Speaker 1: it worked, I guess we need to talk about what happened, right, Yes, 19 00:01:14,720 --> 00:01:18,360 Speaker 1: So I can talk about this from a personal standpoint 20 00:01:18,520 --> 00:01:21,119 Speaker 1: because I was one of the people affected. I can 21 00:01:21,120 --> 00:01:24,480 Speaker 1: talk about this from five personal standpoints. Yeah, if I 22 00:01:24,520 --> 00:01:27,319 Speaker 1: talk about it with my wife in mind, I think 23 00:01:27,360 --> 00:01:30,640 Speaker 1: I probably close to the same number. I only received 24 00:01:30,640 --> 00:01:34,120 Speaker 1: one email, but she apparently received several and you received five, 25 00:01:34,640 --> 00:01:38,000 Speaker 1: right right, So so okay, okay, okay. So when when 26 00:01:38,040 --> 00:01:42,000 Speaker 1: you're signing up for an account with a service, a 27 00:01:42,000 --> 00:01:46,760 Speaker 1: notification service, or you're buying something from someone and somebody 28 00:01:46,920 --> 00:01:50,120 Speaker 1: somebody that that you know, somebody that you trust, uh, 29 00:01:50,160 --> 00:01:52,600 Speaker 1: and you go and you you see the little thing 30 00:01:52,680 --> 00:01:55,480 Speaker 1: where it says by accepting that clicking this box, you 31 00:01:55,520 --> 00:01:58,040 Speaker 1: agree to the terms of service and the privacy policy. 32 00:01:58,080 --> 00:02:00,560 Speaker 1: And sometimes you do and sometimes you don't click on 33 00:02:00,600 --> 00:02:03,320 Speaker 1: the links for those things and read through them. Uh, 34 00:02:03,360 --> 00:02:05,480 Speaker 1: there's this one little piece of language you probably have 35 00:02:05,520 --> 00:02:07,240 Speaker 1: seen if you've actually gone to look at those and 36 00:02:07,240 --> 00:02:10,799 Speaker 1: that's that part where it says, I agree to have 37 00:02:10,919 --> 00:02:15,600 Speaker 1: my data shared with our trusted business partners and uh, 38 00:02:15,919 --> 00:02:18,720 Speaker 1: basically for the for the purpose of delivering services to you. 39 00:02:18,800 --> 00:02:21,359 Speaker 1: So if if you let's let's say you've you've you've 40 00:02:21,400 --> 00:02:24,400 Speaker 1: decided to sign up for your local grocery stores rewards 41 00:02:24,440 --> 00:02:27,520 Speaker 1: program and because you know you can get you know, 42 00:02:27,560 --> 00:02:29,959 Speaker 1: twenty cents off this and fifty cents off that when 43 00:02:30,000 --> 00:02:32,200 Speaker 1: you show your card, and lots and lots of people 44 00:02:32,200 --> 00:02:35,079 Speaker 1: do it. Um some people don't because they feel like 45 00:02:35,120 --> 00:02:37,639 Speaker 1: it's an invasion of privacy. Well, you know, maybe it is, 46 00:02:37,680 --> 00:02:40,480 Speaker 1: maybe it isn't. In this case it is, but out 47 00:02:40,560 --> 00:02:43,640 Speaker 1: they were right. But so, so what happens is you've 48 00:02:43,680 --> 00:02:45,240 Speaker 1: signed up for this deal, you get the little card 49 00:02:45,240 --> 00:02:46,920 Speaker 1: to put in your little key fob to put on 50 00:02:46,919 --> 00:02:49,080 Speaker 1: your your key chain so that they can scan it. 51 00:02:49,919 --> 00:02:52,920 Speaker 1: And then what happens on the other side is the 52 00:02:52,919 --> 00:02:54,560 Speaker 1: company says, well, you know what, this is a lot 53 00:02:54,560 --> 00:02:58,600 Speaker 1: of work maintaining this giant database of people who are 54 00:02:58,760 --> 00:03:01,560 Speaker 1: our beloved customers. And you know, of course they are 55 00:03:01,600 --> 00:03:04,160 Speaker 1: because they're spending money with it, and we have you know, 56 00:03:04,200 --> 00:03:08,360 Speaker 1: our our business is not the maintaining of a database. 57 00:03:08,440 --> 00:03:11,560 Speaker 1: Our business is blah blah blah. Absolutely and if you're 58 00:03:11,600 --> 00:03:14,800 Speaker 1: doing blah blah blah, you you want somebody and you 59 00:03:14,800 --> 00:03:17,120 Speaker 1: need somebody you trust that literally, they are a trusted 60 00:03:17,160 --> 00:03:19,440 Speaker 1: business part. You want to find somebody who can maintain that. 61 00:03:20,320 --> 00:03:23,799 Speaker 1: And so what's going on here is they say, well, okay, hey, 62 00:03:23,919 --> 00:03:28,320 Speaker 1: you guys over here, can you manage our marketing database 63 00:03:28,360 --> 00:03:31,080 Speaker 1: for us? Send out the weekly flyer for us, you know, 64 00:03:31,120 --> 00:03:33,520 Speaker 1: for the people who want that, uh, you know, keep 65 00:03:33,560 --> 00:03:36,840 Speaker 1: track of the rewards points that they've earned when they 66 00:03:36,840 --> 00:03:39,320 Speaker 1: shop with us. Can you do that? And they say, oh, absolutely, 67 00:03:39,320 --> 00:03:41,920 Speaker 1: you can trust us. Yes, And and the whole point 68 00:03:41,960 --> 00:03:45,440 Speaker 1: here is again, the company the in question is trying 69 00:03:45,520 --> 00:03:47,600 Speaker 1: to let's just say that it's a for for the 70 00:03:47,640 --> 00:03:50,720 Speaker 1: basis of this discussion, let's say it's a retailer. So 71 00:03:50,760 --> 00:03:54,400 Speaker 1: we're saying this is a major retailer of of consumer products, 72 00:03:54,800 --> 00:03:58,480 Speaker 1: and that the major retailer, you know, their concentration is 73 00:03:59,120 --> 00:04:03,120 Speaker 1: keeping inventor or a selling products, moving, moving the marketing. 74 00:04:03,680 --> 00:04:07,160 Speaker 1: You know, they got a lot of demands on their attention. 75 00:04:07,600 --> 00:04:11,720 Speaker 1: So it makes sense to to outsource this database management 76 00:04:11,760 --> 00:04:16,400 Speaker 1: to another company and then the retailer can concentrate it's 77 00:04:17,360 --> 00:04:21,520 Speaker 1: full focus on conducting business. What could possibly go wrong 78 00:04:21,560 --> 00:04:25,320 Speaker 1: with this? So let's say that you are the company 79 00:04:25,400 --> 00:04:29,520 Speaker 1: that maintains databases. All right, So your customers are these 80 00:04:29,640 --> 00:04:33,720 Speaker 1: major major corporations and financial institutions. Because some of these 81 00:04:33,720 --> 00:04:37,360 Speaker 1: are banks. You know, there's some banks that and credit 82 00:04:37,440 --> 00:04:40,920 Speaker 1: unions that, uh use this sort of stuff. Then there's 83 00:04:41,040 --> 00:04:45,479 Speaker 1: you know, retailers, there's grocery stores, there's all sorts of companies. 84 00:04:45,480 --> 00:04:49,560 Speaker 1: There's travel companies, travel agencies, that kind of thing. Um, 85 00:04:49,640 --> 00:04:51,880 Speaker 1: so you have all these databases, well, that means that 86 00:04:51,960 --> 00:04:56,200 Speaker 1: you are also a beautiful target for people who want 87 00:04:56,240 --> 00:04:58,919 Speaker 1: to get as much information about as many people in 88 00:04:59,040 --> 00:05:01,760 Speaker 1: one strike as possible. That's right. If you're one of 89 00:05:01,800 --> 00:05:08,080 Speaker 1: these companies, trust is and and that of customer confidence 90 00:05:08,120 --> 00:05:13,520 Speaker 1: for your customers is of paramount importance. You. This is 91 00:05:13,560 --> 00:05:15,880 Speaker 1: when you go and you you're you're trying to get 92 00:05:15,920 --> 00:05:17,880 Speaker 1: a new client, and you go to this big, big 93 00:05:17,920 --> 00:05:20,080 Speaker 1: company and you put down the portfolio of all the 94 00:05:20,080 --> 00:05:22,200 Speaker 1: other companies that you're helping, and go, look at all 95 00:05:22,279 --> 00:05:25,880 Speaker 1: the people who trust us. You should trust us to 96 00:05:26,600 --> 00:05:28,880 Speaker 1: do business with us, and we will totally manage this 97 00:05:28,960 --> 00:05:32,320 Speaker 1: affiliate marketing program you've got going. Right, So then what 98 00:05:32,480 --> 00:05:36,640 Speaker 1: happens if say someone is able to infiltrate that system 99 00:05:36,800 --> 00:05:39,880 Speaker 1: and steal information, Well, then you've got a breach of 100 00:05:39,920 --> 00:05:42,920 Speaker 1: trust and you have the potential to lose a lot 101 00:05:42,960 --> 00:05:47,920 Speaker 1: of clients really quickly because you have demonstrated that you 102 00:05:48,080 --> 00:05:51,080 Speaker 1: did you were not as secure as uh you had 103 00:05:51,160 --> 00:05:54,280 Speaker 1: uh made out to be. Because ultimately, this is going 104 00:05:54,360 --> 00:05:58,920 Speaker 1: to affect the customers of your customers. Right, So if 105 00:05:58,920 --> 00:06:02,719 Speaker 1: you're the big database company, your customers are these giant companies, 106 00:06:02,760 --> 00:06:07,120 Speaker 1: like like these retailers and financial institutions. Their customers are 107 00:06:07,160 --> 00:06:11,400 Speaker 1: all angry because their information has been stolen by a hacker. Now, 108 00:06:12,080 --> 00:06:15,520 Speaker 1: your your average customer is probably gonna blame the retailer 109 00:06:15,720 --> 00:06:18,200 Speaker 1: or the financial institution. They're not you know, they're not 110 00:06:18,279 --> 00:06:21,400 Speaker 1: looking beyond that because they get an email from uh, 111 00:06:21,480 --> 00:06:25,839 Speaker 1: you know, major retailer number one, and the email says, hey, 112 00:06:25,920 --> 00:06:30,559 Speaker 1: guess what. Turns out system was hacked and your name 113 00:06:30,680 --> 00:06:34,599 Speaker 1: and email address have been compromised. So someone has that 114 00:06:34,680 --> 00:06:37,800 Speaker 1: information now. Uh. In a course of course, that could 115 00:06:37,800 --> 00:06:40,680 Speaker 1: be a lot worse. It could have more of your 116 00:06:40,720 --> 00:06:43,920 Speaker 1: personal identification information there, like say a social Security number 117 00:06:44,040 --> 00:06:47,040 Speaker 1: or birth date, or credit card information, that kind of thing. 118 00:06:47,800 --> 00:06:50,360 Speaker 1: But name and email are bad enough as it is, 119 00:06:50,400 --> 00:06:52,520 Speaker 1: and we'll get into why it's bad a little bit 120 00:06:52,560 --> 00:06:56,360 Speaker 1: later in the podcast. Well, you're likely to blame if 121 00:06:56,400 --> 00:06:59,640 Speaker 1: you're the victim of this. So the person, the customer 122 00:06:59,680 --> 00:07:01,480 Speaker 1: who's a actim of this is likely to blame the 123 00:07:01,520 --> 00:07:06,080 Speaker 1: actual retailer or financial institution. Um. That's why a lot 124 00:07:06,080 --> 00:07:07,680 Speaker 1: of this information, like a lot of these companies have 125 00:07:07,720 --> 00:07:09,480 Speaker 1: said no, no, no, no, no, it's not our fault. 126 00:07:09,760 --> 00:07:13,360 Speaker 1: It's this this company that we trusted to hold all 127 00:07:13,360 --> 00:07:16,520 Speaker 1: this information for us. They're the ones who slipped up. 128 00:07:17,000 --> 00:07:19,600 Speaker 1: And it's interesting how they slipped up. You know. Ultimately, 129 00:07:19,600 --> 00:07:22,080 Speaker 1: we're supposed to answer the question how did this hack work? 130 00:07:23,320 --> 00:07:27,000 Speaker 1: It worked on a very basic, simple level. Let's talk 131 00:07:27,000 --> 00:07:31,280 Speaker 1: about a little bit about how hackers get into systems. Right. Well, 132 00:07:31,360 --> 00:07:33,800 Speaker 1: you know, I've I've seen war games. Yeah, you know, 133 00:07:33,880 --> 00:07:35,320 Speaker 1: I know that all you have to do is, you know, 134 00:07:35,400 --> 00:07:39,960 Speaker 1: dial up a machine and and you know type until there. 135 00:07:40,000 --> 00:07:42,680 Speaker 1: That is a way of doing it is called the 136 00:07:42,680 --> 00:07:45,800 Speaker 1: brute force method. It's when you are trying to brute 137 00:07:45,800 --> 00:07:49,240 Speaker 1: force a system by just going through a sequence of 138 00:07:49,280 --> 00:07:53,160 Speaker 1: passwords until one of them works. Not terribly efficient, takes 139 00:07:53,200 --> 00:07:55,800 Speaker 1: a lot of time. A lot of systems protect against 140 00:07:55,880 --> 00:07:58,400 Speaker 1: it by having a shut off. So if you try 141 00:07:58,480 --> 00:08:02,680 Speaker 1: to access it certain number of times with an incorrect password, 142 00:08:03,720 --> 00:08:07,640 Speaker 1: you get back a message saying you've attempted to access 143 00:08:07,720 --> 00:08:12,320 Speaker 1: this unsuccessfully too many times. Uh, access to this account 144 00:08:12,360 --> 00:08:15,119 Speaker 1: has been shut down for fifteen minutes, and you weren't 145 00:08:15,160 --> 00:08:17,640 Speaker 1: able to try and log in again until fifteen minutes later. 146 00:08:17,960 --> 00:08:21,280 Speaker 1: That makes that attack even less efficient, right, because now 147 00:08:21,520 --> 00:08:24,360 Speaker 1: now you're gonna have fifteen minute breaks between every five 148 00:08:24,400 --> 00:08:26,960 Speaker 1: attempts you try to get in, right, and then there 149 00:08:27,000 --> 00:08:29,920 Speaker 1: are some companies that completely lock you out. You know, 150 00:08:30,360 --> 00:08:33,480 Speaker 1: you know three ties, you've exceeded your limit. You're going 151 00:08:33,480 --> 00:08:37,000 Speaker 1: to have to call somebody to get your password reset. Um, 152 00:08:37,640 --> 00:08:41,000 Speaker 1: that's more of a consumer thing, I would say, rather 153 00:08:41,080 --> 00:08:43,160 Speaker 1: than the other. But I mean, you know that that 154 00:08:43,280 --> 00:08:45,960 Speaker 1: kind of technique is likely to cut down on the 155 00:08:45,960 --> 00:08:50,040 Speaker 1: efficiency and ability of hackers to make their way into 156 00:08:50,080 --> 00:08:53,040 Speaker 1: a system using a brute force method. Yeah, and you've 157 00:08:53,040 --> 00:08:56,520 Speaker 1: probably seen movies where people have sat down at a 158 00:08:56,559 --> 00:09:00,839 Speaker 1: computer and either they're running some weird decryptive decrypt program 159 00:09:00,880 --> 00:09:04,040 Speaker 1: which is making the letters of the past word appear 160 00:09:04,040 --> 00:09:06,800 Speaker 1: one by one, or they're typing in some sequence of 161 00:09:06,880 --> 00:09:10,000 Speaker 1: numbers or words or whatever and they magically get in. 162 00:09:10,600 --> 00:09:13,240 Speaker 1: The truth is that about ten minutes or last? Yeah? 163 00:09:13,280 --> 00:09:15,400 Speaker 1: The truth this. First of all, if you do use 164 00:09:15,440 --> 00:09:18,600 Speaker 1: that method, it takes a long time. And and second, 165 00:09:19,240 --> 00:09:22,080 Speaker 1: they're way easier ways of hacking into a system, and 166 00:09:22,120 --> 00:09:25,600 Speaker 1: it mainly deals with social engineering. In fact, I would 167 00:09:25,679 --> 00:09:29,880 Speaker 1: argue that most of the really successful hackers are masters 168 00:09:29,960 --> 00:09:34,880 Speaker 1: at social engineering. That's I would agree with you. Social 169 00:09:35,520 --> 00:09:40,560 Speaker 1: social engineering is manipulating people, not machines you are. You 170 00:09:40,600 --> 00:09:44,400 Speaker 1: are targeting the user, You're not targeting the system. Because 171 00:09:44,440 --> 00:09:50,400 Speaker 1: people are easily manipulatable, manipulate, manipulate, manipulate. You can make 172 00:09:50,440 --> 00:09:56,079 Speaker 1: people do stuff easily. Yeah. UM, I think it's sort 173 00:09:56,080 --> 00:10:00,000 Speaker 1: of funny because when we mentioned MAC virus is uh, 174 00:10:00,160 --> 00:10:02,199 Speaker 1: we get a lot of people who say there are 175 00:10:02,200 --> 00:10:04,800 Speaker 1: no Mac viruses. Well, most of the Mac viruses that 176 00:10:04,840 --> 00:10:07,760 Speaker 1: are out there require you to download a disk image, 177 00:10:07,920 --> 00:10:10,080 Speaker 1: double click on the disk image and make create a 178 00:10:10,160 --> 00:10:12,839 Speaker 1: disk install the program, go through the prompt where it 179 00:10:12,840 --> 00:10:14,840 Speaker 1: says are you sure you want to install the program? 180 00:10:14,880 --> 00:10:19,520 Speaker 1: Please enter your password. There are a lot of layer yes, 181 00:10:19,600 --> 00:10:22,040 Speaker 1: but what it takes to overcome that is social engineering. 182 00:10:22,080 --> 00:10:24,880 Speaker 1: And that's true for any operating system that has a 183 00:10:25,000 --> 00:10:28,560 Speaker 1: virus or something like that, UM in that style that 184 00:10:28,720 --> 00:10:34,160 Speaker 1: a lot of these require an element of convincing uh 185 00:10:34,200 --> 00:10:37,959 Speaker 1: the person to install the virus or the key logger. 186 00:10:39,120 --> 00:10:40,920 Speaker 1: You know, in this case, if you're trying to break 187 00:10:40,920 --> 00:10:43,160 Speaker 1: into a system, you might use a key logger, which 188 00:10:43,200 --> 00:10:47,319 Speaker 1: is uh basically recording every time every key you press 189 00:10:47,400 --> 00:10:52,840 Speaker 1: on the keyboard in an attempt to discover logins and passwords. Um. 190 00:10:53,240 --> 00:10:55,880 Speaker 1: And so if you want to install a trojan, if 191 00:10:55,880 --> 00:10:57,800 Speaker 1: you want to install a key logger or something like that, 192 00:10:57,840 --> 00:11:00,480 Speaker 1: in a lot of cases you have to fool the 193 00:11:00,600 --> 00:11:05,360 Speaker 1: end user into believing that that software is safe enough 194 00:11:05,400 --> 00:11:07,400 Speaker 1: to install on there. So you have to say, oh, well, 195 00:11:07,440 --> 00:11:12,360 Speaker 1: you know, it's just uh, you know, little RSS feed reader, 196 00:11:12,440 --> 00:11:15,319 Speaker 1: it's just anti virus. You wait, hey, we discovered a 197 00:11:15,400 --> 00:11:18,360 Speaker 1: virus on your your computer. You really need to download 198 00:11:18,360 --> 00:11:21,320 Speaker 1: and install this free software, right, and then you click 199 00:11:21,400 --> 00:11:24,560 Speaker 1: on it actually turns out to be malware. Although it's 200 00:11:24,600 --> 00:11:29,080 Speaker 1: it's masked as anti virus software, right, They have to hide. 201 00:11:29,160 --> 00:11:31,200 Speaker 1: That's the other part of this is once it's on there, 202 00:11:31,360 --> 00:11:34,240 Speaker 1: you can't discover it and go, oh no, look I 203 00:11:34,280 --> 00:11:37,000 Speaker 1: installed something terrible on my system. I need to run 204 00:11:37,040 --> 00:11:39,320 Speaker 1: my antivirus software. It's got to go no, no, I'm 205 00:11:39,440 --> 00:11:43,640 Speaker 1: still honestly, just this pro little program. I'm fine. Yeah. So, 206 00:11:43,640 --> 00:11:46,400 Speaker 1: so social engineering can take many different forms, Like it 207 00:11:46,440 --> 00:11:48,720 Speaker 1: can be as simple as walking through the front door 208 00:11:48,840 --> 00:11:52,000 Speaker 1: of a company and chatting up a receptionist and just 209 00:11:52,080 --> 00:11:55,040 Speaker 1: getting enough information where it gives you a guideline as 210 00:11:55,040 --> 00:11:58,360 Speaker 1: to what could be a password into the system using 211 00:11:58,679 --> 00:12:02,920 Speaker 1: you know, the receptionists information. That's totally possible. You could 212 00:12:03,880 --> 00:12:07,360 Speaker 1: end up identifying someone who works for a company and 213 00:12:07,400 --> 00:12:11,160 Speaker 1: then uh coincidentally meet up with this person in a 214 00:12:11,200 --> 00:12:13,720 Speaker 1: bar just by you know, following them and going into 215 00:12:13,720 --> 00:12:16,839 Speaker 1: a bar and applying them with drinks and slowly getting 216 00:12:16,880 --> 00:12:18,559 Speaker 1: information out that way. There are a lot of different 217 00:12:18,559 --> 00:12:20,440 Speaker 1: ways of doing it. Now, the way that this one 218 00:12:20,480 --> 00:12:23,080 Speaker 1: worked was very much what Chris was saying. It was 219 00:12:23,160 --> 00:12:27,480 Speaker 1: an email that came through that lured people who worked 220 00:12:27,520 --> 00:12:30,840 Speaker 1: for Epsilon. Epsilon is the company that's that database manager 221 00:12:30,880 --> 00:12:33,680 Speaker 1: that we've been talking about, that's the trusted business partner. Yes, 222 00:12:33,960 --> 00:12:36,599 Speaker 1: that's the company that that was handling all these databases 223 00:12:36,640 --> 00:12:40,600 Speaker 1: for for hundreds of clients, and this affected millions of 224 00:12:41,120 --> 00:12:43,760 Speaker 1: the final customers, which you know, people like me and 225 00:12:43,840 --> 00:12:47,079 Speaker 1: Chris um. So it was a it was an email 226 00:12:47,120 --> 00:12:50,040 Speaker 1: that was a phishing scam and uh what it did 227 00:12:50,120 --> 00:12:53,960 Speaker 1: was they it was targeting Epsilon employees in particular. And 228 00:12:54,720 --> 00:12:56,800 Speaker 1: one of the scary things is that this was a 229 00:12:56,960 --> 00:13:02,400 Speaker 1: known problem. Oh yes, this was something that return Path, 230 00:13:02,520 --> 00:13:06,240 Speaker 1: which is a company that is used for services like 231 00:13:06,280 --> 00:13:10,960 Speaker 1: tracking email delivery. It. Return Path had an alert go 232 00:13:11,040 --> 00:13:17,520 Speaker 1: out on November about phishing attacks that were aimed specifically 233 00:13:17,559 --> 00:13:21,360 Speaker 1: at companies like Epsilon that manage these huge databases, and 234 00:13:21,480 --> 00:13:25,440 Speaker 1: essentially that alert was, Hey, we're tracking a lot more 235 00:13:26,000 --> 00:13:29,240 Speaker 1: phishing attempts for people who work for these companies, and 236 00:13:29,280 --> 00:13:31,880 Speaker 1: we're guessing that the reason for this is they're trying 237 00:13:31,920 --> 00:13:37,040 Speaker 1: to get their hands on customer information like emails and names. UM. 238 00:13:37,080 --> 00:13:40,400 Speaker 1: Just as an aside, so that people know, UM, when 239 00:13:40,400 --> 00:13:42,960 Speaker 1: we talk about phishing, we're talking about the pH phishing, 240 00:13:43,520 --> 00:13:46,199 Speaker 1: which is UH. This is the type of social engineering 241 00:13:46,480 --> 00:13:50,040 Speaker 1: that doesn't necessarily involve software in your computer. In general, 242 00:13:50,080 --> 00:13:53,360 Speaker 1: a phishing attack is UM. If you've ever seen some 243 00:13:54,040 --> 00:13:57,319 Speaker 1: account an email saying that your your account has been 244 00:13:57,360 --> 00:14:01,320 Speaker 1: compromised and you need to UH send your user name 245 00:14:01,320 --> 00:14:03,760 Speaker 1: and password, and you realize, hey, I've never had an 246 00:14:03,800 --> 00:14:07,400 Speaker 1: account at that bank. UM, And wait if I if 247 00:14:07,440 --> 00:14:09,200 Speaker 1: I click on this link, it takes me to some 248 00:14:09,280 --> 00:14:11,480 Speaker 1: other completely different U r L. This is a social 249 00:14:11,520 --> 00:14:15,320 Speaker 1: engineering technique saying you know, we need all the information 250 00:14:15,320 --> 00:14:17,560 Speaker 1: you're willing to supply us, please fill it out. We 251 00:14:17,559 --> 00:14:19,560 Speaker 1: don't And and when you look at the r L 252 00:14:19,640 --> 00:14:21,040 Speaker 1: and it's not the same U r L as the 253 00:14:21,080 --> 00:14:23,840 Speaker 1: company that you're doing business with. They don't have access 254 00:14:23,880 --> 00:14:27,600 Speaker 1: to that information. So they try to create a website 255 00:14:27,640 --> 00:14:31,360 Speaker 1: that looks just like the one that you're bank uses, 256 00:14:31,520 --> 00:14:35,560 Speaker 1: or your other account holder uses or account provider uses, 257 00:14:36,000 --> 00:14:40,120 Speaker 1: and lure or fool you into giving away your user name, 258 00:14:40,160 --> 00:14:45,160 Speaker 1: your password, any other social security any information that you're 259 00:14:45,200 --> 00:14:48,800 Speaker 1: willing to give because that those types of data are 260 00:14:48,840 --> 00:14:52,320 Speaker 1: the kinds of things that people can use to falsify 261 00:14:52,440 --> 00:14:56,200 Speaker 1: records and steal your identity. Um so, I mean they 262 00:14:56,320 --> 00:14:58,400 Speaker 1: when we talk about fishing, that's in a broad sense, 263 00:14:58,480 --> 00:15:02,240 Speaker 1: they're they're trying to get important information from you by 264 00:15:02,240 --> 00:15:04,880 Speaker 1: fooling you into just giving it up on your own. Yeah. There, 265 00:15:04,880 --> 00:15:06,680 Speaker 1: And there are different techniques for that as well, Like 266 00:15:06,720 --> 00:15:09,040 Speaker 1: if you get you can get a phishing attack where 267 00:15:09,480 --> 00:15:12,240 Speaker 1: it's like Christmas saying it's from a bank that you 268 00:15:12,280 --> 00:15:16,200 Speaker 1: don't even use. Those that I have no idea what 269 00:15:16,240 --> 00:15:18,400 Speaker 1: you're talking. That's like a shotgun approach. I get these 270 00:15:18,440 --> 00:15:24,240 Speaker 1: all the time for Blizzard World of Warcraft accounts, and 271 00:15:24,320 --> 00:15:27,400 Speaker 1: I don't play funny, but I don't play World of Warcraft. 272 00:15:27,400 --> 00:15:29,280 Speaker 1: But apparently this is a thing. I didn't know it 273 00:15:29,360 --> 00:15:31,480 Speaker 1: was a thing. I got an email that said that 274 00:15:31,600 --> 00:15:34,880 Speaker 1: my account for Blizzard had been compromised, and I thought, huh, 275 00:15:34,960 --> 00:15:36,360 Speaker 1: that's a heck of a thing. I don't have an 276 00:15:36,360 --> 00:15:39,440 Speaker 1: account with Blizzard. I wonder how that happened. And uh. 277 00:15:39,560 --> 00:15:42,800 Speaker 1: And then I talked to Tracy Wilson, who is not 278 00:15:42,920 --> 00:15:46,480 Speaker 1: only a head of our editorial department here, she's also 279 00:15:46,840 --> 00:15:52,120 Speaker 1: a former World of Warcraft, let's say, enthusiast, and and 280 00:15:52,400 --> 00:15:56,400 Speaker 1: she said, yeah, that's a thing. There's there's this spam attack. 281 00:15:56,440 --> 00:15:59,960 Speaker 1: It's a phishing attack to try and get information from people. Uh. 282 00:16:00,160 --> 00:16:02,760 Speaker 1: And now I notice if I look through my junk mail, 283 00:16:02,800 --> 00:16:04,680 Speaker 1: I tend to get you know, my junk mail ends 284 00:16:04,760 --> 00:16:06,920 Speaker 1: up filtering it all out, but I tend to get 285 00:16:06,960 --> 00:16:10,080 Speaker 1: a few of those each week. Now, well, that's kind 286 00:16:10,080 --> 00:16:12,200 Speaker 1: of like the shotgun approach to fishing, but there's a 287 00:16:12,240 --> 00:16:15,600 Speaker 1: more directed approach where if the attacker has just enough 288 00:16:15,640 --> 00:16:19,600 Speaker 1: information about you to kind of tailor the phishing attack 289 00:16:19,640 --> 00:16:21,280 Speaker 1: to be more likely to get a hit. We call 290 00:16:21,360 --> 00:16:25,920 Speaker 1: that spear fishing. I as much as I dislike fishing, 291 00:16:26,240 --> 00:16:28,800 Speaker 1: I like that term. Yeah. So spear fishing is where 292 00:16:28,840 --> 00:16:32,760 Speaker 1: you have identified a particular vulnerability and you're going right 293 00:16:32,840 --> 00:16:36,000 Speaker 1: for it. Well, in this case, these these fishing attacks 294 00:16:36,000 --> 00:16:40,000 Speaker 1: that were directed towards Epsilon employees directed the employees to 295 00:16:40,120 --> 00:16:44,280 Speaker 1: a website where that contained a link that UH downloaded 296 00:16:44,360 --> 00:16:50,560 Speaker 1: and auto ran some malware onto the victims computers. So 297 00:16:50,960 --> 00:16:55,440 Speaker 1: that malware UH did several things. One it turned off 298 00:16:55,480 --> 00:16:58,840 Speaker 1: the anti virus software on the user's computer, so now 299 00:16:59,000 --> 00:17:03,600 Speaker 1: you're you're detective of on your machine has gone to sleep, right. 300 00:17:04,080 --> 00:17:07,480 Speaker 1: There was a trojan key logger called i Steeler also 301 00:17:07,640 --> 00:17:11,480 Speaker 1: used on that which is specifically designed to help hackers 302 00:17:11,520 --> 00:17:15,879 Speaker 1: steal passwords. And then there was another tool called cybergate, 303 00:17:16,240 --> 00:17:19,960 Speaker 1: which is used to gain remote control of a system 304 00:17:20,080 --> 00:17:22,800 Speaker 1: once it's been compromised. So you know, you guys have 305 00:17:22,920 --> 00:17:25,560 Speaker 1: heard us talk about hackers doing this with bot nets before. 306 00:17:25,680 --> 00:17:28,040 Speaker 1: That's that's exactly what this one was. It's just ahead 307 00:17:28,040 --> 00:17:31,879 Speaker 1: a very specific target. So once a couple of employees 308 00:17:31,880 --> 00:17:34,919 Speaker 1: fell victim to this, despite the fact that there had 309 00:17:34,920 --> 00:17:38,359 Speaker 1: been a warning in November of UH, and there's still 310 00:17:38,760 --> 00:17:42,320 Speaker 1: conjecture over whether or not Epsilon employees ever knew about 311 00:17:42,320 --> 00:17:45,000 Speaker 1: the alert. I mean, we don't know the information. Epillon 312 00:17:45,000 --> 00:17:48,040 Speaker 1: has not been terribly chatty about it as of the 313 00:17:48,040 --> 00:17:52,440 Speaker 1: recording of this podcast. Um, anyway, the the system was 314 00:17:52,480 --> 00:17:55,919 Speaker 1: compromised and hackers were able to access those databases with 315 00:17:56,040 --> 00:17:59,520 Speaker 1: all those names and email addresses, including Chris's and mine 316 00:17:59,600 --> 00:18:03,640 Speaker 1: and my lives and there we go. So we got 317 00:18:03,680 --> 00:18:07,160 Speaker 1: four people just out of connected to this podcast who 318 00:18:07,160 --> 00:18:11,160 Speaker 1: are affected. Um, they got all that information, and well, 319 00:18:11,240 --> 00:18:12,760 Speaker 1: now the question is what can you do with that 320 00:18:12,840 --> 00:18:17,840 Speaker 1: if you only have email addresses and names? Yeah, which 321 00:18:17,880 --> 00:18:20,520 Speaker 1: is so far that's what they're claiming. Everyone should probably 322 00:18:20,600 --> 00:18:22,919 Speaker 1: keep an eye on their finances just in case if 323 00:18:22,960 --> 00:18:26,080 Speaker 1: there's anything hinky going on, you can act on it immediately, 324 00:18:26,280 --> 00:18:29,800 Speaker 1: because there's always the chance that maybe more information was stolen. 325 00:18:29,840 --> 00:18:31,919 Speaker 1: Then we are led to believe right now, I'm going 326 00:18:31,960 --> 00:18:33,399 Speaker 1: to take them at their word and say, all right, 327 00:18:33,440 --> 00:18:35,560 Speaker 1: it's just the names and email addresses. Well, it's not 328 00:18:35,560 --> 00:18:37,320 Speaker 1: in their best interest to lie at this point. No, 329 00:18:37,440 --> 00:18:40,359 Speaker 1: it would just get them and even by if the 330 00:18:40,400 --> 00:18:43,560 Speaker 1: information is out there, there's no way they're getting it back. Right, 331 00:18:43,840 --> 00:18:47,440 Speaker 1: So if it if it was a problem, the responsible 332 00:18:47,440 --> 00:18:49,200 Speaker 1: thing to do is go ahead and say, look, this 333 00:18:49,280 --> 00:18:52,280 Speaker 1: was a catastrophic failure and we need to react because 334 00:18:52,280 --> 00:18:54,359 Speaker 1: the longer we wait, the more damage will be done. 335 00:18:54,880 --> 00:18:58,080 Speaker 1: So i'm i'm I'm imagining that they're being and they're 336 00:18:58,080 --> 00:18:59,639 Speaker 1: they're at least telling the truth as far as they 337 00:18:59,680 --> 00:19:02,720 Speaker 1: under stand it. Right. If more information was stolen, they 338 00:19:02,720 --> 00:19:06,800 Speaker 1: are not aware of it, so names and email addresses well. 339 00:19:07,320 --> 00:19:09,080 Speaker 1: But one of the problems that could come out of 340 00:19:09,119 --> 00:19:12,280 Speaker 1: this is more spear fishing attacks. But now instead of 341 00:19:12,320 --> 00:19:15,240 Speaker 1: attacking the Epsilon to get its data base, it's going 342 00:19:15,320 --> 00:19:19,280 Speaker 1: to be attacking the ultimate consumer like me and Chris 343 00:19:19,320 --> 00:19:22,959 Speaker 1: and my wife and Chris's wife. Um, we will be 344 00:19:23,000 --> 00:19:26,399 Speaker 1: the targets for these attacks, and it'll be spear fishing 345 00:19:26,840 --> 00:19:29,680 Speaker 1: because since they pulled this information out of the upsilons 346 00:19:29,760 --> 00:19:32,920 Speaker 1: data base, they're going to see which companies we had 347 00:19:33,400 --> 00:19:36,840 Speaker 1: UH created accounts with. Yes. And this is also going 348 00:19:36,920 --> 00:19:40,000 Speaker 1: to be tricky for spam filters to pick up on 349 00:19:40,520 --> 00:19:43,679 Speaker 1: because one of the things they that spam filters traditionally 350 00:19:43,720 --> 00:19:45,320 Speaker 1: look for is whether or not it seems to be 351 00:19:45,359 --> 00:19:48,600 Speaker 1: personalized to you. I mean now that that spam filters 352 00:19:48,600 --> 00:19:51,040 Speaker 1: are as sophisticated as they are, and of course we 353 00:19:51,119 --> 00:19:53,680 Speaker 1: all know that even the best still let a few 354 00:19:53,680 --> 00:19:57,720 Speaker 1: slip through on occasion. Um, and at least in a 355 00:19:57,760 --> 00:20:01,560 Speaker 1: lot of cases. Uh, you'll you're going to see you're 356 00:20:01,560 --> 00:20:04,760 Speaker 1: gonna have to be careful when you receive email, especially 357 00:20:04,760 --> 00:20:09,000 Speaker 1: from companies that you know their information was compromised by epsilon. 358 00:20:09,080 --> 00:20:13,080 Speaker 1: Now again, i've got five to look at. Um, you 359 00:20:13,119 --> 00:20:15,280 Speaker 1: can sort of keep an eye on that. And it's 360 00:20:15,320 --> 00:20:19,040 Speaker 1: always a good idea to be a little skeptical, especially 361 00:20:19,080 --> 00:20:21,639 Speaker 1: if they're asking for information. Now, a lot of companies 362 00:20:21,640 --> 00:20:24,840 Speaker 1: have gotten really good about reminding people of this. Um. 363 00:20:25,040 --> 00:20:27,320 Speaker 1: You know, they say, remember, we will never ask you 364 00:20:27,359 --> 00:20:29,800 Speaker 1: for your social security number. Don't give your your social 365 00:20:29,840 --> 00:20:32,919 Speaker 1: security number over email, don't you know. If you have 366 00:20:32,960 --> 00:20:35,760 Speaker 1: any questions, please call our customer service line. Don't fill 367 00:20:35,840 --> 00:20:41,080 Speaker 1: up information in an email. And exactly that's the other 368 00:20:41,119 --> 00:20:45,520 Speaker 1: thing email isn't isn't in general secure. So you you 369 00:20:45,520 --> 00:20:49,400 Speaker 1: wouldn't want to send a friend somebody that you trust. 370 00:20:49,440 --> 00:20:51,359 Speaker 1: You wouldn't want to send a friend your social security 371 00:20:51,440 --> 00:20:54,560 Speaker 1: number over email. It's a bad idea. Um, that's why 372 00:20:54,560 --> 00:20:58,320 Speaker 1: I just tattooed on the bomb on their feet. So 373 00:20:58,440 --> 00:21:01,720 Speaker 1: you should also not be Jonathan's friend. Yes, it's a 374 00:21:01,720 --> 00:21:09,199 Speaker 1: painful experience, believe me, um, I hate that screaming. Also, again, 375 00:21:09,440 --> 00:21:12,480 Speaker 1: be very careful looking at the and look at the 376 00:21:12,560 --> 00:21:14,919 Speaker 1: U r L s that they're asking you to click on. 377 00:21:15,520 --> 00:21:18,920 Speaker 1: If it doesn't look like something related to the company, 378 00:21:19,000 --> 00:21:22,240 Speaker 1: don't do it. If you have any question at all, 379 00:21:23,040 --> 00:21:25,080 Speaker 1: I mean, if you have that pausing and now it's 380 00:21:25,080 --> 00:21:28,520 Speaker 1: probably okay, don't have that pause right now. Get in 381 00:21:28,520 --> 00:21:31,080 Speaker 1: contact with them, say are you really you know, you 382 00:21:31,359 --> 00:21:33,399 Speaker 1: look at the number that you know is actually the 383 00:21:33,440 --> 00:21:35,640 Speaker 1: number for that company and say, hey, I've got this email. 384 00:21:38,040 --> 00:21:40,280 Speaker 1: This is this is a real message. Do you really 385 00:21:40,280 --> 00:21:43,000 Speaker 1: want this information from me? And you know, if if 386 00:21:43,040 --> 00:21:45,240 Speaker 1: they give you an email or phone number in that email, 387 00:21:45,240 --> 00:21:48,280 Speaker 1: I wouldn't trust that anything. Most of these companies, these 388 00:21:48,280 --> 00:21:51,399 Speaker 1: companies should all have the information they need already from you. 389 00:21:51,520 --> 00:21:54,520 Speaker 1: They should not be asking for it again. If they 390 00:21:54,600 --> 00:21:57,000 Speaker 1: are asking for it again, that's indicative of one of 391 00:21:57,040 --> 00:21:59,640 Speaker 1: two things. Either you're getting a phishing email and someone 392 00:21:59,760 --> 00:22:01,800 Speaker 1: is trying to get your information so that they can 393 00:22:01,840 --> 00:22:05,240 Speaker 1: they can take advantage of you, or the company that 394 00:22:05,480 --> 00:22:08,160 Speaker 1: is doing your business shouldn't be doing your business because 395 00:22:08,200 --> 00:22:13,480 Speaker 1: they have been uh irresponsible managing your data. So either way, 396 00:22:13,680 --> 00:22:16,280 Speaker 1: it's either way. The answers. Do not give your data 397 00:22:16,359 --> 00:22:19,680 Speaker 1: over email. UM. And another thing to look for is 398 00:22:19,720 --> 00:22:22,240 Speaker 1: in the u r L. Look for h T T 399 00:22:22,520 --> 00:22:24,800 Speaker 1: P S if it's a secure system, and look at 400 00:22:24,840 --> 00:22:28,600 Speaker 1: that little lock symbol. That's an indication that it's a 401 00:22:28,600 --> 00:22:31,640 Speaker 1: trustworthy source. Again, this is just one factor to look 402 00:22:31,680 --> 00:22:34,479 Speaker 1: don't don't just assume that if it's up there that 403 00:22:34,520 --> 00:22:37,800 Speaker 1: means you're safe. Look for that. Also, look at the 404 00:22:37,840 --> 00:22:40,760 Speaker 1: u r L. Make sure that you r L makes sense. UM. 405 00:22:41,000 --> 00:22:44,959 Speaker 1: And what I recommend is if you want, if if 406 00:22:45,000 --> 00:22:47,720 Speaker 1: you get an email from a company and you think 407 00:22:47,800 --> 00:22:51,159 Speaker 1: this may very well be a legitimate email, navigate to 408 00:22:51,240 --> 00:22:56,720 Speaker 1: that company's website directly. Don't click on links in your email, don't. UM, 409 00:22:56,760 --> 00:22:59,359 Speaker 1: you know, don't copy and paste it from email into 410 00:22:59,400 --> 00:23:01,320 Speaker 1: your your l because it's the same thing as clicking 411 00:23:01,320 --> 00:23:05,080 Speaker 1: on a link. Really, go to your browser, type in 412 00:23:05,200 --> 00:23:09,119 Speaker 1: that company's web address or go through Google and and 413 00:23:09,440 --> 00:23:14,560 Speaker 1: you know, use the actual verified website to get to 414 00:23:14,560 --> 00:23:16,760 Speaker 1: where you need to go, and then try to navigate 415 00:23:17,200 --> 00:23:20,879 Speaker 1: to where that that email would indicate you need to 416 00:23:20,920 --> 00:23:24,560 Speaker 1: go in order to complete whatever the transaction is. And 417 00:23:24,640 --> 00:23:27,560 Speaker 1: that way, if you're going through the official channel, you 418 00:23:27,640 --> 00:23:32,000 Speaker 1: are less likely to fall victim to a scam. Uh, 419 00:23:32,080 --> 00:23:36,560 Speaker 1: and we just have to kind of resolve that will 420 00:23:36,600 --> 00:23:39,560 Speaker 1: do that and resign ourselves to the fact that, at 421 00:23:39,600 --> 00:23:42,480 Speaker 1: least for those affected by this, we're going to probably 422 00:23:42,520 --> 00:23:46,960 Speaker 1: see an uptick in spam email over the next forever 423 00:23:47,760 --> 00:23:52,400 Speaker 1: until we change email addresses. UM. There there's an old 424 00:23:52,440 --> 00:23:56,240 Speaker 1: saying that says, it's not really saying, but people tell 425 00:23:56,280 --> 00:23:59,600 Speaker 1: you to watch out for when you see those emails 426 00:23:59,640 --> 00:24:02,879 Speaker 1: that that say, hey, we just found this out, forward 427 00:24:02,920 --> 00:24:05,280 Speaker 1: it to all your friends, forward it to all your 428 00:24:05,280 --> 00:24:09,639 Speaker 1: friends is usually a flag that it's a hoax. And 429 00:24:09,760 --> 00:24:11,560 Speaker 1: I mean not We're not talking about fishing or any 430 00:24:11,560 --> 00:24:13,640 Speaker 1: of that stuff now, I mean or even even malware, 431 00:24:13,760 --> 00:24:16,800 Speaker 1: just the stuff that you know, the hey this big 432 00:24:16,800 --> 00:24:21,280 Speaker 1: company is is actually uh uh, you know, shipping kittens 433 00:24:21,280 --> 00:24:24,119 Speaker 1: to people. Microsoft has this email tracker and if you 434 00:24:24,240 --> 00:24:26,960 Speaker 1: send this email forward, you will get a package of 435 00:24:27,000 --> 00:24:31,080 Speaker 1: eminem's or something like that. Just ridiculous. Anything that says 436 00:24:31,200 --> 00:24:33,320 Speaker 1: forward to tell your friends, that's that's a flag. Well 437 00:24:33,320 --> 00:24:36,160 Speaker 1: here's a flag for you to UM. In the five 438 00:24:36,320 --> 00:24:38,960 Speaker 1: emails emails that I got from these companies that said 439 00:24:39,000 --> 00:24:42,720 Speaker 1: my address had been compromised, none of them said we 440 00:24:42,840 --> 00:24:46,520 Speaker 1: need new information from you. So if somebody says your 441 00:24:46,520 --> 00:24:50,560 Speaker 1: account has been compromised, send us new information. Here will 442 00:24:50,600 --> 00:24:53,800 Speaker 1: send you a link. That's a huge clue right there. 443 00:24:53,880 --> 00:24:55,480 Speaker 1: I don't go out on the limb and say that's 444 00:24:55,720 --> 00:24:58,320 Speaker 1: that's a really big it's not a very big limb, 445 00:24:58,720 --> 00:25:02,560 Speaker 1: um in. That's a big indicator, like, yeah, it's definitely 446 00:25:02,720 --> 00:25:05,600 Speaker 1: something is wrong, something is hinky, that's not not on 447 00:25:05,640 --> 00:25:08,400 Speaker 1: the up and up. So you know, you can use 448 00:25:08,440 --> 00:25:11,440 Speaker 1: that without even having a click on anything. Just think 449 00:25:11,480 --> 00:25:14,400 Speaker 1: of that and say, okay, well, Jonathan and Chris told me. 450 00:25:15,080 --> 00:25:17,400 Speaker 1: You know that if somebody's asking for information, when they 451 00:25:17,400 --> 00:25:19,879 Speaker 1: tell me that my accounts compromised or they need me 452 00:25:19,960 --> 00:25:24,480 Speaker 1: to update my account information on file, that's that's a 453 00:25:24,560 --> 00:25:28,639 Speaker 1: time to question this and think critically and not do 454 00:25:28,760 --> 00:25:32,959 Speaker 1: it without being yeah please. And And here's the interesting 455 00:25:33,000 --> 00:25:35,119 Speaker 1: thing is that probably as a result of this, I've 456 00:25:35,160 --> 00:25:36,960 Speaker 1: seen this in a few reports. As a result of this, 457 00:25:37,040 --> 00:25:41,440 Speaker 1: we're probably gonna see security firms recommending that companies use 458 00:25:41,520 --> 00:25:47,320 Speaker 1: more of their uh anti intrusion software and hacker protection software. 459 00:25:47,880 --> 00:25:51,320 Speaker 1: But ultimately that's not going to help at all for 460 00:25:51,400 --> 00:25:54,000 Speaker 1: this kind of problem, because this is a people problem. Yes, 461 00:25:54,040 --> 00:25:56,520 Speaker 1: this is a this is a a person, not a 462 00:25:56,560 --> 00:26:00,000 Speaker 1: computer error. It's a person making an error in judgment. 463 00:26:00,000 --> 00:26:03,520 Speaker 1: It so, even even if you put the most sophisticated 464 00:26:03,560 --> 00:26:05,920 Speaker 1: security system in place, if you have people who are 465 00:26:05,960 --> 00:26:10,960 Speaker 1: not practicing good security measures, that's an insecure system. Like 466 00:26:11,040 --> 00:26:12,800 Speaker 1: it's just like if you you know, let's say that 467 00:26:12,840 --> 00:26:15,960 Speaker 1: you've got a bank, right, You've got this bank, and 468 00:26:16,000 --> 00:26:19,480 Speaker 1: you've got all these sophisticated locks on that front door, 469 00:26:19,520 --> 00:26:21,959 Speaker 1: and you've got a laser system that goes across the 470 00:26:21,960 --> 00:26:25,400 Speaker 1: floor at night, and you've you've got pressure sensitive tiles 471 00:26:25,480 --> 00:26:27,880 Speaker 1: all along the front, and then you leave the back 472 00:26:27,880 --> 00:26:32,200 Speaker 1: door open. The whole all those systems in the front 473 00:26:32,240 --> 00:26:34,360 Speaker 1: aren't gonna matter at all because someone just walks through 474 00:26:34,359 --> 00:26:36,560 Speaker 1: the back door because they, you know, were chatting up 475 00:26:36,560 --> 00:26:38,840 Speaker 1: the security guard and uh, you know, made the security 476 00:26:38,840 --> 00:26:41,360 Speaker 1: guard went back for a smoke, and they just put 477 00:26:41,359 --> 00:26:43,320 Speaker 1: a little wedge over there, so it kept the door open. 478 00:26:43,359 --> 00:26:45,320 Speaker 1: And then there and there and they're dealing all your stuff. 479 00:26:46,000 --> 00:26:48,360 Speaker 1: Everyone knows you can beat those laser systems by doing 480 00:26:48,400 --> 00:26:50,639 Speaker 1: cart wheels and you know, sort of doing that weird 481 00:26:50,720 --> 00:26:54,120 Speaker 1: dance over them and walking on your fingertips Yeah, that's 482 00:26:54,160 --> 00:26:56,280 Speaker 1: that easy. That's what I tried to do and it 483 00:26:56,400 --> 00:26:58,679 Speaker 1: doesn't work out so well for me. But that's you know, 484 00:26:59,040 --> 00:27:00,879 Speaker 1: that was twenty pounds go. So it's sort of like 485 00:27:00,920 --> 00:27:03,720 Speaker 1: the brute force attack. It doesn't quite work. Yeah, so 486 00:27:04,800 --> 00:27:08,840 Speaker 1: what really needs to happen is not necessary. Yes, better 487 00:27:08,880 --> 00:27:11,760 Speaker 1: security measures are good, right, I'm not I'm not saying 488 00:27:11,760 --> 00:27:15,240 Speaker 1: that companies shouldn't invest in that. They definitely should. But 489 00:27:15,280 --> 00:27:17,960 Speaker 1: what they really also need to look at is educating 490 00:27:18,400 --> 00:27:22,560 Speaker 1: the people who work for that company about these attacks 491 00:27:22,640 --> 00:27:25,440 Speaker 1: and how to spot them and how to avoid them, 492 00:27:25,480 --> 00:27:28,720 Speaker 1: because you know, it's that's where the weak spot is. 493 00:27:28,840 --> 00:27:31,520 Speaker 1: It's not the technology, it's the people. And if the 494 00:27:31,560 --> 00:27:35,080 Speaker 1: people are unaware of how these attacks can happen, uh, 495 00:27:35,080 --> 00:27:38,080 Speaker 1: then we're gonna see this happen again and again and again. 496 00:27:38,200 --> 00:27:42,120 Speaker 1: Especially if you're clever enough, hacker, you you do have 497 00:27:42,160 --> 00:27:44,840 Speaker 1: a reward at the end of that fishing scam, so 498 00:27:44,920 --> 00:27:48,280 Speaker 1: that the person who has gone through and and downloaded 499 00:27:48,280 --> 00:27:52,040 Speaker 1: the malware does not immediately say, huh, I wonder if 500 00:27:52,080 --> 00:27:55,119 Speaker 1: that was actually a bad thing. I just did you know? 501 00:27:55,160 --> 00:27:57,600 Speaker 1: If you have something there so that it feels like, 502 00:27:58,080 --> 00:28:00,720 Speaker 1: oh no, what what I what it was asking me 503 00:28:00,760 --> 00:28:03,760 Speaker 1: to do I actually did, and I accomplish something. If 504 00:28:03,800 --> 00:28:06,280 Speaker 1: you have that reward in place as a hacker, you're 505 00:28:06,320 --> 00:28:09,320 Speaker 1: more likely to remain undetected. Now, granted, there's also the 506 00:28:09,359 --> 00:28:11,800 Speaker 1: pressure that a person feels when they do something stupid 507 00:28:11,840 --> 00:28:15,000 Speaker 1: to hide it immediately and not let anyone know about it, 508 00:28:15,080 --> 00:28:17,480 Speaker 1: because you don't want to be the one to admit, hey, 509 00:28:17,560 --> 00:28:19,520 Speaker 1: I just compromised our system. We need to be on 510 00:28:19,560 --> 00:28:21,800 Speaker 1: the lookout. I wouldn't want to be that person. I 511 00:28:21,800 --> 00:28:24,040 Speaker 1: would not want to be that person either, But ultimately 512 00:28:24,160 --> 00:28:26,360 Speaker 1: it's better to be that person and say it than 513 00:28:26,400 --> 00:28:29,439 Speaker 1: to not say anything. And then you're talking about the 514 00:28:29,480 --> 00:28:32,800 Speaker 1: potential of billions of dollars of revenue going up and smoke, 515 00:28:33,800 --> 00:28:37,600 Speaker 1: maybe maybe even an incalculable amount of money going up 516 00:28:37,600 --> 00:28:40,320 Speaker 1: and smoke because you don't know what the ultimate fallout 517 00:28:40,360 --> 00:28:45,920 Speaker 1: is going to be from that mistake. Yeah, I am, Yeah, 518 00:28:46,800 --> 00:28:49,000 Speaker 1: I was going to speculate, and I just don't well 519 00:28:49,040 --> 00:28:51,480 Speaker 1: think of it this way. You've got five emails, Yes, 520 00:28:51,840 --> 00:28:54,880 Speaker 1: that's a lot of emails, and looking at a list 521 00:28:54,920 --> 00:28:57,560 Speaker 1: and this was not a comprehensive list that that I 522 00:28:57,600 --> 00:29:01,880 Speaker 1: saw online. A lot of companies rusted Epsilon to keep 523 00:29:01,880 --> 00:29:05,920 Speaker 1: that information private. So and I hear that it affected 524 00:29:06,400 --> 00:29:10,040 Speaker 1: a very tiny percentage of Epsilon's customers. But then, when 525 00:29:10,080 --> 00:29:13,760 Speaker 1: you think Epsilon's customers aren't people like you and me, 526 00:29:14,280 --> 00:29:19,760 Speaker 1: Epsilon's customers are corporations that also, in turn have access 527 00:29:19,800 --> 00:29:25,600 Speaker 1: to potentially millions of people's email and identity. Uh, that 528 00:29:25,720 --> 00:29:28,680 Speaker 1: two percent is still a big, big number in terms 529 00:29:28,680 --> 00:29:32,480 Speaker 1: of actual living human beings. I once left a cell 530 00:29:32,480 --> 00:29:36,320 Speaker 1: phone provider because everyone else that I knew had bad 531 00:29:36,360 --> 00:29:38,560 Speaker 1: customer service from them, and I hadn't yet, but I 532 00:29:38,600 --> 00:29:40,200 Speaker 1: was just waiting for it. So I decided to go 533 00:29:40,240 --> 00:29:42,920 Speaker 1: ahead and jump ship. And that may very well happen 534 00:29:42,960 --> 00:29:46,720 Speaker 1: with people who were not affected, right Yeah, And you know, 535 00:29:47,000 --> 00:29:50,200 Speaker 1: of course this could also usher us into the dark 536 00:29:50,240 --> 00:29:53,040 Speaker 1: ages of abandoning the Internet for commerce and going back 537 00:29:53,080 --> 00:29:55,680 Speaker 1: to brick and mortar stores. I cannot imagine that happening. 538 00:29:55,760 --> 00:29:58,960 Speaker 1: It's not gonna happen to me. No, it's way too convenient. 539 00:29:59,520 --> 00:30:04,240 Speaker 1: I oh, I don't have to deal with people, it's uh. 540 00:30:04,280 --> 00:30:06,560 Speaker 1: And they send stuff to me in pretty packages. It's 541 00:30:06,600 --> 00:30:08,440 Speaker 1: like getting a present because you get to open the 542 00:30:08,480 --> 00:30:10,600 Speaker 1: box and you wonder what's inside. It because you forgot 543 00:30:10,600 --> 00:30:13,000 Speaker 1: because you were you were impulse shopping and it was 544 00:30:13,040 --> 00:30:19,320 Speaker 1: three weeks ago. It's awesome. I have a problem. Ah Okay, 545 00:30:19,360 --> 00:30:21,400 Speaker 1: all right, let's wrap this up. Guys. If you have 546 00:30:21,520 --> 00:30:23,720 Speaker 1: anything that you want to add to this discussion about 547 00:30:23,720 --> 00:30:27,480 Speaker 1: the Epsilon email hack, or perhaps you two were affected 548 00:30:27,520 --> 00:30:30,959 Speaker 1: and you want to maybe express your concern, or if 549 00:30:31,000 --> 00:30:33,400 Speaker 1: you have any other questions for us, especially if it's 550 00:30:33,440 --> 00:30:35,680 Speaker 1: something about computer security and what you can do to 551 00:30:35,760 --> 00:30:39,040 Speaker 1: be more secure, let us know, because these are important 552 00:30:39,080 --> 00:30:41,720 Speaker 1: topics that I think everyone needs to think about to 553 00:30:41,800 --> 00:30:44,640 Speaker 1: some extent, and you know, even even people who limit 554 00:30:44,720 --> 00:30:47,000 Speaker 1: their online activity as much as possible need to be 555 00:30:47,040 --> 00:30:49,520 Speaker 1: aware of it. So send us a message. You can 556 00:30:49,520 --> 00:30:52,680 Speaker 1: find us on Twitter and Facebook are handled. There is 557 00:30:52,800 --> 00:30:56,080 Speaker 1: text stuff h s W, or you can shoot us 558 00:30:56,080 --> 00:30:59,120 Speaker 1: an email. That address is tech stuff at how stuff 559 00:30:59,120 --> 00:31:00,880 Speaker 1: works dot com and Chris and I will talk to 560 00:31:00,880 --> 00:31:05,760 Speaker 1: you again really soon. For moral on this and thousands 561 00:31:05,800 --> 00:31:08,320 Speaker 1: of other topics, visit how stuff works dot com. To 562 00:31:08,480 --> 00:31:11,280 Speaker 1: learn more about the podcast, click on the podcast icon 563 00:31:11,440 --> 00:31:14,760 Speaker 1: in the upper right corner of our homepage. The how 564 00:31:14,840 --> 00:31:18,080 Speaker 1: Stuff Works iPhone app has arrived. Download it today on 565 00:31:18,120 --> 00:31:25,880 Speaker 1: iTunes brought to you by the reinvented two thousand twelve camera. 566 00:31:26,160 --> 00:31:27,360 Speaker 1: It's ready, are you