WEBVTT - How the Epsilon E-mail Hack Worked 0:00:00.280 --> 0:00:02.840 Brought to you by the reinvented two thousand twelve camera. 0:00:03.160 --> 0:00:08.920 It's ready. Are you get in touch with technology? With 0:00:09.039 --> 0:00:18.079 tech Stuff from how stuff works dot com. Hello again, everyone, 0:00:18.120 --> 0:00:20.800 Welcome to tech stuff. My name is Chris Poette and 0:00:20.800 --> 0:00:22.480 I am an editor at how stuff works dot com. 0:00:22.480 --> 0:00:25.280 Sitting across from me, as always, his senior writer, Jonathan 0:00:26.760 --> 0:00:31.840 return to cinder address unknown, no such number, no such zone. 0:00:33.240 --> 0:00:35.519 So today you're not phoning it in, You're mailing it in. 0:00:35.640 --> 0:00:38.080 That's right. I have taken a step back. I'm going 0:00:38.200 --> 0:00:42.880 even I'm putting in even less effort than normal. Great 0:00:43.840 --> 0:00:46.560 that that will leave me to do my normal job 0:00:46.600 --> 0:00:49.839 of going uh huh with a whole lot of silence 0:00:49.840 --> 0:00:53.159 around it. Well, it will be a nice change. We 0:00:53.240 --> 0:00:56.760 actually have a request that came in through Twitter. So 0:00:56.840 --> 0:01:03.120 here's our tweet request from Luke. How did the epsilon 0:01:03.360 --> 0:01:07.479 email hack work? Well, Luke, we're gonna break it down 0:01:07.560 --> 0:01:10.480 for you. Um Now, first, before we talk about how 0:01:10.520 --> 0:01:13.840 it worked, I guess we need to talk about what happened, right, Yes, 0:01:14.720 --> 0:01:18.360 So I can talk about this from a personal standpoint 0:01:18.520 --> 0:01:21.119 because I was one of the people affected. I can 0:01:21.120 --> 0:01:24.480 talk about this from five personal standpoints. Yeah, if I 0:01:24.520 --> 0:01:27.319 talk about it with my wife in mind, I think 0:01:27.360 --> 0:01:30.640 I probably close to the same number. I only received 0:01:30.640 --> 0:01:34.120 one email, but she apparently received several and you received five, 0:01:34.640 --> 0:01:38.000 right right, So so okay, okay, okay. So when when 0:01:38.040 --> 0:01:42.000 you're signing up for an account with a service, a 0:01:42.000 --> 0:01:46.760 notification service, or you're buying something from someone and somebody 0:01:46.920 --> 0:01:50.120 somebody that that you know, somebody that you trust, uh, 0:01:50.160 --> 0:01:52.600 and you go and you you see the little thing 0:01:52.680 --> 0:01:55.480 where it says by accepting that clicking this box, you 0:01:55.520 --> 0:01:58.040 agree to the terms of service and the privacy policy. 0:01:58.080 --> 0:02:00.560 And sometimes you do and sometimes you don't click on 0:02:00.600 --> 0:02:03.320 the links for those things and read through them. Uh, 0:02:03.360 --> 0:02:05.480 there's this one little piece of language you probably have 0:02:05.520 --> 0:02:07.240 seen if you've actually gone to look at those and 0:02:07.240 --> 0:02:10.799 that's that part where it says, I agree to have 0:02:10.919 --> 0:02:15.600 my data shared with our trusted business partners and uh, 0:02:15.919 --> 0:02:18.720 basically for the for the purpose of delivering services to you. 0:02:18.800 --> 0:02:21.359 So if if you let's let's say you've you've you've 0:02:21.400 --> 0:02:24.400 decided to sign up for your local grocery stores rewards 0:02:24.440 --> 0:02:27.520 program and because you know you can get you know, 0:02:27.560 --> 0:02:29.959 twenty cents off this and fifty cents off that when 0:02:30.000 --> 0:02:32.200 you show your card, and lots and lots of people 0:02:32.200 --> 0:02:35.079 do it. Um some people don't because they feel like 0:02:35.120 --> 0:02:37.639 it's an invasion of privacy. Well, you know, maybe it is, 0:02:37.680 --> 0:02:40.480 maybe it isn't. In this case it is, but out 0:02:40.560 --> 0:02:43.640 they were right. But so, so what happens is you've 0:02:43.680 --> 0:02:45.240 signed up for this deal, you get the little card 0:02:45.240 --> 0:02:46.920 to put in your little key fob to put on 0:02:46.919 --> 0:02:49.080 your your key chain so that they can scan it. 0:02:49.919 --> 0:02:52.920 And then what happens on the other side is the 0:02:52.919 --> 0:02:54.560 company says, well, you know what, this is a lot 0:02:54.560 --> 0:02:58.600 of work maintaining this giant database of people who are 0:02:58.760 --> 0:03:01.560 our beloved customers. And you know, of course they are 0:03:01.600 --> 0:03:04.160 because they're spending money with it, and we have you know, 0:03:04.200 --> 0:03:08.360 our our business is not the maintaining of a database. 0:03:08.440 --> 0:03:11.560 Our business is blah blah blah. Absolutely and if you're 0:03:11.600 --> 0:03:14.800 doing blah blah blah, you you want somebody and you 0:03:14.800 --> 0:03:17.120 need somebody you trust that literally, they are a trusted 0:03:17.160 --> 0:03:19.440 business part. You want to find somebody who can maintain that. 0:03:20.320 --> 0:03:23.799 And so what's going on here is they say, well, okay, hey, 0:03:23.919 --> 0:03:28.320 you guys over here, can you manage our marketing database 0:03:28.360 --> 0:03:31.080 for us? Send out the weekly flyer for us, you know, 0:03:31.120 --> 0:03:33.520 for the people who want that, uh, you know, keep 0:03:33.560 --> 0:03:36.840 track of the rewards points that they've earned when they 0:03:36.840 --> 0:03:39.320 shop with us. Can you do that? And they say, oh, absolutely, 0:03:39.320 --> 0:03:41.920 you can trust us. Yes, And and the whole point 0:03:41.960 --> 0:03:45.440 here is again, the company the in question is trying 0:03:45.520 --> 0:03:47.600 to let's just say that it's a for for the 0:03:47.640 --> 0:03:50.720 basis of this discussion, let's say it's a retailer. So 0:03:50.760 --> 0:03:54.400 we're saying this is a major retailer of of consumer products, 0:03:54.800 --> 0:03:58.480 and that the major retailer, you know, their concentration is 0:03:59.120 --> 0:04:03.120 keeping inventor or a selling products, moving, moving the marketing. 0:04:03.680 --> 0:04:07.160 You know, they got a lot of demands on their attention. 0:04:07.600 --> 0:04:11.720 So it makes sense to to outsource this database management 0:04:11.760 --> 0:04:16.400 to another company and then the retailer can concentrate it's 0:04:17.360 --> 0:04:21.520 full focus on conducting business. What could possibly go wrong 0:04:21.560 --> 0:04:25.320 with this? So let's say that you are the company 0:04:25.400 --> 0:04:29.520 that maintains databases. All right, So your customers are these 0:04:29.640 --> 0:04:33.720 major major corporations and financial institutions. Because some of these 0:04:33.720 --> 0:04:37.360 are banks. You know, there's some banks that and credit 0:04:37.440 --> 0:04:40.920 unions that, uh use this sort of stuff. Then there's 0:04:41.040 --> 0:04:45.479 you know, retailers, there's grocery stores, there's all sorts of companies. 0:04:45.480 --> 0:04:49.560 There's travel companies, travel agencies, that kind of thing. Um, 0:04:49.640 --> 0:04:51.880 so you have all these databases, well, that means that 0:04:51.960 --> 0:04:56.200 you are also a beautiful target for people who want 0:04:56.240 --> 0:04:58.919 to get as much information about as many people in 0:04:59.040 --> 0:05:01.760 one strike as possible. That's right. If you're one of 0:05:01.800 --> 0:05:08.080 these companies, trust is and and that of customer confidence 0:05:08.120 --> 0:05:13.520 for your customers is of paramount importance. You. This is 0:05:13.560 --> 0:05:15.880 when you go and you you're you're trying to get 0:05:15.920 --> 0:05:17.880 a new client, and you go to this big, big 0:05:17.920 --> 0:05:20.080 company and you put down the portfolio of all the 0:05:20.080 --> 0:05:22.200 other companies that you're helping, and go, look at all 0:05:22.279 --> 0:05:25.880 the people who trust us. You should trust us to 0:05:26.600 --> 0:05:28.880 do business with us, and we will totally manage this 0:05:28.960 --> 0:05:32.320 affiliate marketing program you've got going. Right, So then what 0:05:32.480 --> 0:05:36.640 happens if say someone is able to infiltrate that system 0:05:36.800 --> 0:05:39.880 and steal information, Well, then you've got a breach of 0:05:39.920 --> 0:05:42.920 trust and you have the potential to lose a lot 0:05:42.960 --> 0:05:47.920 of clients really quickly because you have demonstrated that you 0:05:48.080 --> 0:05:51.080 did you were not as secure as uh you had 0:05:51.160 --> 0:05:54.280 uh made out to be. Because ultimately, this is going 0:05:54.360 --> 0:05:58.920 to affect the customers of your customers. Right, So if 0:05:58.920 --> 0:06:02.719 you're the big database company, your customers are these giant companies, 0:06:02.760 --> 0:06:07.120 like like these retailers and financial institutions. Their customers are 0:06:07.160 --> 0:06:11.400 all angry because their information has been stolen by a hacker. Now, 0:06:12.080 --> 0:06:15.520 your your average customer is probably gonna blame the retailer 0:06:15.720 --> 0:06:18.200 or the financial institution. They're not you know, they're not 0:06:18.279 --> 0:06:21.400 looking beyond that because they get an email from uh, 0:06:21.480 --> 0:06:25.839 you know, major retailer number one, and the email says, hey, 0:06:25.920 --> 0:06:30.559 guess what. Turns out system was hacked and your name 0:06:30.680 --> 0:06:34.599 and email address have been compromised. So someone has that 0:06:34.680 --> 0:06:37.800 information now. Uh. In a course of course, that could 0:06:37.800 --> 0:06:40.680 be a lot worse. It could have more of your 0:06:40.720 --> 0:06:43.920 personal identification information there, like say a social Security number 0:06:44.040 --> 0:06:47.040 or birth date, or credit card information, that kind of thing. 0:06:47.800 --> 0:06:50.360 But name and email are bad enough as it is, 0:06:50.400 --> 0:06:52.520 and we'll get into why it's bad a little bit 0:06:52.560 --> 0:06:56.360 later in the podcast. Well, you're likely to blame if 0:06:56.400 --> 0:06:59.640 you're the victim of this. So the person, the customer 0:06:59.680 --> 0:07:01.480 who's a actim of this is likely to blame the 0:07:01.520 --> 0:07:06.080 actual retailer or financial institution. Um. That's why a lot 0:07:06.080 --> 0:07:07.680 of this information, like a lot of these companies have 0:07:07.720 --> 0:07:09.480 said no, no, no, no, no, it's not our fault. 0:07:09.760 --> 0:07:13.360 It's this this company that we trusted to hold all 0:07:13.360 --> 0:07:16.520 this information for us. They're the ones who slipped up. 0:07:17.000 --> 0:07:19.600 And it's interesting how they slipped up. You know. Ultimately, 0:07:19.600 --> 0:07:22.080 we're supposed to answer the question how did this hack work? 0:07:23.320 --> 0:07:27.000 It worked on a very basic, simple level. Let's talk 0:07:27.000 --> 0:07:31.280 about a little bit about how hackers get into systems. Right. Well, 0:07:31.360 --> 0:07:33.800 you know, I've I've seen war games. Yeah, you know, 0:07:33.880 --> 0:07:35.320 I know that all you have to do is, you know, 0:07:35.400 --> 0:07:39.960 dial up a machine and and you know type until there. 0:07:40.000 --> 0:07:42.680 That is a way of doing it is called the 0:07:42.680 --> 0:07:45.800 brute force method. It's when you are trying to brute 0:07:45.800 --> 0:07:49.240 force a system by just going through a sequence of 0:07:49.280 --> 0:07:53.160 passwords until one of them works. Not terribly efficient, takes 0:07:53.200 --> 0:07:55.800 a lot of time. A lot of systems protect against 0:07:55.880 --> 0:07:58.400 it by having a shut off. So if you try 0:07:58.480 --> 0:08:02.680 to access it certain number of times with an incorrect password, 0:08:03.720 --> 0:08:07.640 you get back a message saying you've attempted to access 0:08:07.720 --> 0:08:12.320 this unsuccessfully too many times. Uh, access to this account 0:08:12.360 --> 0:08:15.119 has been shut down for fifteen minutes, and you weren't 0:08:15.160 --> 0:08:17.640 able to try and log in again until fifteen minutes later. 0:08:17.960 --> 0:08:21.280 That makes that attack even less efficient, right, because now 0:08:21.520 --> 0:08:24.360 now you're gonna have fifteen minute breaks between every five 0:08:24.400 --> 0:08:26.960 attempts you try to get in, right, and then there 0:08:27.000 --> 0:08:29.920 are some companies that completely lock you out. You know, 0:08:30.360 --> 0:08:33.480 you know three ties, you've exceeded your limit. You're going 0:08:33.480 --> 0:08:37.000 to have to call somebody to get your password reset. Um, 0:08:37.640 --> 0:08:41.000 that's more of a consumer thing, I would say, rather 0:08:41.080 --> 0:08:43.160 than the other. But I mean, you know that that 0:08:43.280 --> 0:08:45.960 kind of technique is likely to cut down on the 0:08:45.960 --> 0:08:50.040 efficiency and ability of hackers to make their way into 0:08:50.080 --> 0:08:53.040 a system using a brute force method. Yeah, and you've 0:08:53.040 --> 0:08:56.520 probably seen movies where people have sat down at a 0:08:56.559 --> 0:09:00.839 computer and either they're running some weird decryptive decrypt program 0:09:00.880 --> 0:09:04.040 which is making the letters of the past word appear 0:09:04.040 --> 0:09:06.800 one by one, or they're typing in some sequence of 0:09:06.880 --> 0:09:10.000 numbers or words or whatever and they magically get in. 0:09:10.600 --> 0:09:13.240 The truth is that about ten minutes or last? Yeah? 0:09:13.280 --> 0:09:15.400 The truth this. First of all, if you do use 0:09:15.440 --> 0:09:18.600 that method, it takes a long time. And and second, 0:09:19.240 --> 0:09:22.080 they're way easier ways of hacking into a system, and 0:09:22.120 --> 0:09:25.600 it mainly deals with social engineering. In fact, I would 0:09:25.679 --> 0:09:29.880 argue that most of the really successful hackers are masters 0:09:29.960 --> 0:09:34.880 at social engineering. That's I would agree with you. Social 0:09:35.520 --> 0:09:40.560 social engineering is manipulating people, not machines you are. You 0:09:40.600 --> 0:09:44.400 are targeting the user, You're not targeting the system. Because 0:09:44.440 --> 0:09:50.400 people are easily manipulatable, manipulate, manipulate, manipulate. You can make 0:09:50.440 --> 0:09:56.079 people do stuff easily. Yeah. UM, I think it's sort 0:09:56.080 --> 0:10:00.000 of funny because when we mentioned MAC virus is uh, 0:10:00.160 --> 0:10:02.199 we get a lot of people who say there are 0:10:02.200 --> 0:10:04.800 no Mac viruses. Well, most of the Mac viruses that 0:10:04.840 --> 0:10:07.760 are out there require you to download a disk image, 0:10:07.920 --> 0:10:10.080 double click on the disk image and make create a 0:10:10.160 --> 0:10:12.839 disk install the program, go through the prompt where it 0:10:12.840 --> 0:10:14.840 says are you sure you want to install the program? 0:10:14.880 --> 0:10:19.520 Please enter your password. There are a lot of layer yes, 0:10:19.600 --> 0:10:22.040 but what it takes to overcome that is social engineering. 0:10:22.080 --> 0:10:24.880 And that's true for any operating system that has a 0:10:25.000 --> 0:10:28.560 virus or something like that, UM in that style that 0:10:28.720 --> 0:10:34.160 a lot of these require an element of convincing uh 0:10:34.200 --> 0:10:37.959 the person to install the virus or the key logger. 0:10:39.120 --> 0:10:40.920 You know, in this case, if you're trying to break 0:10:40.920 --> 0:10:43.160 into a system, you might use a key logger, which 0:10:43.200 --> 0:10:47.319 is uh basically recording every time every key you press 0:10:47.400 --> 0:10:52.840 on the keyboard in an attempt to discover logins and passwords. Um. 0:10:53.240 --> 0:10:55.880 And so if you want to install a trojan, if 0:10:55.880 --> 0:10:57.800 you want to install a key logger or something like that, 0:10:57.840 --> 0:11:00.480 in a lot of cases you have to fool the 0:11:00.600 --> 0:11:05.360 end user into believing that that software is safe enough 0:11:05.400 --> 0:11:07.400 to install on there. So you have to say, oh, well, 0:11:07.440 --> 0:11:12.360 you know, it's just uh, you know, little RSS feed reader, 0:11:12.440 --> 0:11:15.319 it's just anti virus. You wait, hey, we discovered a 0:11:15.400 --> 0:11:18.360 virus on your your computer. You really need to download 0:11:18.360 --> 0:11:21.320 and install this free software, right, and then you click 0:11:21.400 --> 0:11:24.560 on it actually turns out to be malware. Although it's 0:11:24.600 --> 0:11:29.080 it's masked as anti virus software, right, They have to hide. 0:11:29.160 --> 0:11:31.200 That's the other part of this is once it's on there, 0:11:31.360 --> 0:11:34.240 you can't discover it and go, oh no, look I 0:11:34.280 --> 0:11:37.000 installed something terrible on my system. I need to run 0:11:37.040 --> 0:11:39.320 my antivirus software. It's got to go no, no, I'm 0:11:39.440 --> 0:11:43.640 still honestly, just this pro little program. I'm fine. Yeah. So, 0:11:43.640 --> 0:11:46.400 so social engineering can take many different forms, Like it 0:11:46.440 --> 0:11:48.720 can be as simple as walking through the front door 0:11:48.840 --> 0:11:52.000 of a company and chatting up a receptionist and just 0:11:52.080 --> 0:11:55.040 getting enough information where it gives you a guideline as 0:11:55.040 --> 0:11:58.360 to what could be a password into the system using 0:11:58.679 --> 0:12:02.920 you know, the receptionists information. That's totally possible. You could 0:12:03.880 --> 0:12:07.360 end up identifying someone who works for a company and 0:12:07.400 --> 0:12:11.160 then uh coincidentally meet up with this person in a 0:12:11.200 --> 0:12:13.720 bar just by you know, following them and going into 0:12:13.720 --> 0:12:16.839 a bar and applying them with drinks and slowly getting 0:12:16.880 --> 0:12:18.559 information out that way. There are a lot of different 0:12:18.559 --> 0:12:20.440 ways of doing it. Now, the way that this one 0:12:20.480 --> 0:12:23.080 worked was very much what Chris was saying. It was 0:12:23.160 --> 0:12:27.480 an email that came through that lured people who worked 0:12:27.520 --> 0:12:30.840 for Epsilon. Epsilon is the company that's that database manager 0:12:30.880 --> 0:12:33.680 that we've been talking about, that's the trusted business partner. Yes, 0:12:33.960 --> 0:12:36.599 that's the company that that was handling all these databases 0:12:36.640 --> 0:12:40.600 for for hundreds of clients, and this affected millions of 0:12:41.120 --> 0:12:43.760 the final customers, which you know, people like me and 0:12:43.840 --> 0:12:47.079 Chris um. So it was a it was an email 0:12:47.120 --> 0:12:50.040 that was a phishing scam and uh what it did 0:12:50.120 --> 0:12:53.960 was they it was targeting Epsilon employees in particular. And 0:12:54.720 --> 0:12:56.800 one of the scary things is that this was a 0:12:56.960 --> 0:13:02.400 known problem. Oh yes, this was something that return Path, 0:13:02.520 --> 0:13:06.240 which is a company that is used for services like 0:13:06.280 --> 0:13:10.960 tracking email delivery. It. Return Path had an alert go 0:13:11.040 --> 0:13:17.520 out on November about phishing attacks that were aimed specifically 0:13:17.559 --> 0:13:21.360 at companies like Epsilon that manage these huge databases, and 0:13:21.480 --> 0:13:25.440 essentially that alert was, Hey, we're tracking a lot more 0:13:26.000 --> 0:13:29.240 phishing attempts for people who work for these companies, and 0:13:29.280 --> 0:13:31.880 we're guessing that the reason for this is they're trying 0:13:31.920 --> 0:13:37.040 to get their hands on customer information like emails and names. UM. 0:13:37.080 --> 0:13:40.400 Just as an aside, so that people know, UM, when 0:13:40.400 --> 0:13:42.960 we talk about phishing, we're talking about the pH phishing, 0:13:43.520 --> 0:13:46.199 which is UH. This is the type of social engineering 0:13:46.480 --> 0:13:50.040 that doesn't necessarily involve software in your computer. In general, 0:13:50.080 --> 0:13:53.360 a phishing attack is UM. If you've ever seen some 0:13:54.040 --> 0:13:57.319 account an email saying that your your account has been 0:13:57.360 --> 0:14:01.320 compromised and you need to UH send your user name 0:14:01.320 --> 0:14:03.760 and password, and you realize, hey, I've never had an 0:14:03.800 --> 0:14:07.400 account at that bank. UM, And wait if I if 0:14:07.440 --> 0:14:09.200 I click on this link, it takes me to some 0:14:09.280 --> 0:14:11.480 other completely different U r L. This is a social 0:14:11.520 --> 0:14:15.320 engineering technique saying you know, we need all the information 0:14:15.320 --> 0:14:17.560 you're willing to supply us, please fill it out. We 0:14:17.559 --> 0:14:19.560 don't And and when you look at the r L 0:14:19.640 --> 0:14:21.040 and it's not the same U r L as the 0:14:21.080 --> 0:14:23.840 company that you're doing business with. They don't have access 0:14:23.880 --> 0:14:27.600 to that information. So they try to create a website 0:14:27.640 --> 0:14:31.360 that looks just like the one that you're bank uses, 0:14:31.520 --> 0:14:35.560 or your other account holder uses or account provider uses, 0:14:36.000 --> 0:14:40.120 and lure or fool you into giving away your user name, 0:14:40.160 --> 0:14:45.160 your password, any other social security any information that you're 0:14:45.200 --> 0:14:48.800 willing to give because that those types of data are 0:14:48.840 --> 0:14:52.320 the kinds of things that people can use to falsify 0:14:52.440 --> 0:14:56.200 records and steal your identity. Um so, I mean they 0:14:56.320 --> 0:14:58.400 when we talk about fishing, that's in a broad sense, 0:14:58.480 --> 0:15:02.240 they're they're trying to get important information from you by 0:15:02.240 --> 0:15:04.880 fooling you into just giving it up on your own. Yeah. There, 0:15:04.880 --> 0:15:06.680 And there are different techniques for that as well, Like 0:15:06.720 --> 0:15:09.040 if you get you can get a phishing attack where 0:15:09.480 --> 0:15:12.240 it's like Christmas saying it's from a bank that you 0:15:12.280 --> 0:15:16.200 don't even use. Those that I have no idea what 0:15:16.240 --> 0:15:18.400 you're talking. That's like a shotgun approach. I get these 0:15:18.440 --> 0:15:24.240 all the time for Blizzard World of Warcraft accounts, and 0:15:24.320 --> 0:15:27.400 I don't play funny, but I don't play World of Warcraft. 0:15:27.400 --> 0:15:29.280 But apparently this is a thing. I didn't know it 0:15:29.360 --> 0:15:31.480 was a thing. I got an email that said that 0:15:31.600 --> 0:15:34.880 my account for Blizzard had been compromised, and I thought, huh, 0:15:34.960 --> 0:15:36.360 that's a heck of a thing. I don't have an 0:15:36.360 --> 0:15:39.440 account with Blizzard. I wonder how that happened. And uh. 0:15:39.560 --> 0:15:42.800 And then I talked to Tracy Wilson, who is not 0:15:42.920 --> 0:15:46.480 only a head of our editorial department here, she's also 0:15:46.840 --> 0:15:52.120 a former World of Warcraft, let's say, enthusiast, and and 0:15:52.400 --> 0:15:56.400 she said, yeah, that's a thing. There's there's this spam attack. 0:15:56.440 --> 0:15:59.960 It's a phishing attack to try and get information from people. Uh. 0:16:00.160 --> 0:16:02.760 And now I notice if I look through my junk mail, 0:16:02.800 --> 0:16:04.680 I tend to get you know, my junk mail ends 0:16:04.760 --> 0:16:06.920 up filtering it all out, but I tend to get 0:16:06.960 --> 0:16:10.080 a few of those each week. Now, well, that's kind 0:16:10.080 --> 0:16:12.200 of like the shotgun approach to fishing, but there's a 0:16:12.240 --> 0:16:15.600 more directed approach where if the attacker has just enough 0:16:15.640 --> 0:16:19.600 information about you to kind of tailor the phishing attack 0:16:19.640 --> 0:16:21.280 to be more likely to get a hit. We call 0:16:21.360 --> 0:16:25.920 that spear fishing. I as much as I dislike fishing, 0:16:26.240 --> 0:16:28.800 I like that term. Yeah. So spear fishing is where 0:16:28.840 --> 0:16:32.760 you have identified a particular vulnerability and you're going right 0:16:32.840 --> 0:16:36.000 for it. Well, in this case, these these fishing attacks 0:16:36.000 --> 0:16:40.000 that were directed towards Epsilon employees directed the employees to 0:16:40.120 --> 0:16:44.280 a website where that contained a link that UH downloaded 0:16:44.360 --> 0:16:50.560 and auto ran some malware onto the victims computers. So 0:16:50.960 --> 0:16:55.440 that malware UH did several things. One it turned off 0:16:55.480 --> 0:16:58.840 the anti virus software on the user's computer, so now 0:16:59.000 --> 0:17:03.600 you're you're detective of on your machine has gone to sleep, right. 0:17:04.080 --> 0:17:07.480 There was a trojan key logger called i Steeler also 0:17:07.640 --> 0:17:11.480 used on that which is specifically designed to help hackers 0:17:11.520 --> 0:17:15.879 steal passwords. And then there was another tool called cybergate, 0:17:16.240 --> 0:17:19.960 which is used to gain remote control of a system 0:17:20.080 --> 0:17:22.800 once it's been compromised. So you know, you guys have 0:17:22.920 --> 0:17:25.560 heard us talk about hackers doing this with bot nets before. 0:17:25.680 --> 0:17:28.040 That's that's exactly what this one was. It's just ahead 0:17:28.040 --> 0:17:31.879 a very specific target. So once a couple of employees 0:17:31.880 --> 0:17:34.919 fell victim to this, despite the fact that there had 0:17:34.920 --> 0:17:38.359 been a warning in November of UH, and there's still 0:17:38.760 --> 0:17:42.320 conjecture over whether or not Epsilon employees ever knew about 0:17:42.320 --> 0:17:45.000 the alert. I mean, we don't know the information. Epillon 0:17:45.000 --> 0:17:48.040 has not been terribly chatty about it as of the 0:17:48.040 --> 0:17:52.440 recording of this podcast. Um, anyway, the the system was 0:17:52.480 --> 0:17:55.919 compromised and hackers were able to access those databases with 0:17:56.040 --> 0:17:59.520 all those names and email addresses, including Chris's and mine 0:17:59.600 --> 0:18:03.640 and my lives and there we go. So we got 0:18:03.680 --> 0:18:07.160 four people just out of connected to this podcast who 0:18:07.160 --> 0:18:11.160 are affected. Um, they got all that information, and well, 0:18:11.240 --> 0:18:12.760 now the question is what can you do with that 0:18:12.840 --> 0:18:17.840 if you only have email addresses and names? Yeah, which 0:18:17.880 --> 0:18:20.520 is so far that's what they're claiming. Everyone should probably 0:18:20.600 --> 0:18:22.919 keep an eye on their finances just in case if 0:18:22.960 --> 0:18:26.080 there's anything hinky going on, you can act on it immediately, 0:18:26.280 --> 0:18:29.800 because there's always the chance that maybe more information was stolen. 0:18:29.840 --> 0:18:31.919 Then we are led to believe right now, I'm going 0:18:31.960 --> 0:18:33.399 to take them at their word and say, all right, 0:18:33.440 --> 0:18:35.560 it's just the names and email addresses. Well, it's not 0:18:35.560 --> 0:18:37.320 in their best interest to lie at this point. No, 0:18:37.440 --> 0:18:40.359 it would just get them and even by if the 0:18:40.400 --> 0:18:43.560 information is out there, there's no way they're getting it back. Right, 0:18:43.840 --> 0:18:47.440 So if it if it was a problem, the responsible 0:18:47.440 --> 0:18:49.200 thing to do is go ahead and say, look, this 0:18:49.280 --> 0:18:52.280 was a catastrophic failure and we need to react because 0:18:52.280 --> 0:18:54.359 the longer we wait, the more damage will be done. 0:18:54.880 --> 0:18:58.080 So i'm i'm I'm imagining that they're being and they're 0:18:58.080 --> 0:18:59.639 they're at least telling the truth as far as they 0:18:59.680 --> 0:19:02.720 under stand it. Right. If more information was stolen, they 0:19:02.720 --> 0:19:06.800 are not aware of it, so names and email addresses well. 0:19:07.320 --> 0:19:09.080 But one of the problems that could come out of 0:19:09.119 --> 0:19:12.280 this is more spear fishing attacks. But now instead of 0:19:12.320 --> 0:19:15.240 attacking the Epsilon to get its data base, it's going 0:19:15.320 --> 0:19:19.280 to be attacking the ultimate consumer like me and Chris 0:19:19.320 --> 0:19:22.959 and my wife and Chris's wife. Um, we will be 0:19:23.000 --> 0:19:26.399 the targets for these attacks, and it'll be spear fishing 0:19:26.840 --> 0:19:29.680 because since they pulled this information out of the upsilons 0:19:29.760 --> 0:19:32.920 data base, they're going to see which companies we had 0:19:33.400 --> 0:19:36.840 UH created accounts with. Yes. And this is also going 0:19:36.920 --> 0:19:40.000 to be tricky for spam filters to pick up on 0:19:40.520 --> 0:19:43.679 because one of the things they that spam filters traditionally 0:19:43.720 --> 0:19:45.320 look for is whether or not it seems to be 0:19:45.359 --> 0:19:48.600 personalized to you. I mean now that that spam filters 0:19:48.600 --> 0:19:51.040 are as sophisticated as they are, and of course we 0:19:51.119 --> 0:19:53.680 all know that even the best still let a few 0:19:53.680 --> 0:19:57.720 slip through on occasion. Um, and at least in a 0:19:57.760 --> 0:20:01.560 lot of cases. Uh, you'll you're going to see you're 0:20:01.560 --> 0:20:04.760 gonna have to be careful when you receive email, especially 0:20:04.760 --> 0:20:09.000 from companies that you know their information was compromised by epsilon. 0:20:09.080 --> 0:20:13.080 Now again, i've got five to look at. Um, you 0:20:13.119 --> 0:20:15.280 can sort of keep an eye on that. And it's 0:20:15.320 --> 0:20:19.040 always a good idea to be a little skeptical, especially 0:20:19.080 --> 0:20:21.639 if they're asking for information. Now, a lot of companies 0:20:21.640 --> 0:20:24.840 have gotten really good about reminding people of this. Um. 0:20:25.040 --> 0:20:27.320 You know, they say, remember, we will never ask you 0:20:27.359 --> 0:20:29.800 for your social security number. Don't give your your social 0:20:29.840 --> 0:20:32.919 security number over email, don't you know. If you have 0:20:32.960 --> 0:20:35.760 any questions, please call our customer service line. Don't fill 0:20:35.840 --> 0:20:41.080 up information in an email. And exactly that's the other 0:20:41.119 --> 0:20:45.520 thing email isn't isn't in general secure. So you you 0:20:45.520 --> 0:20:49.400 wouldn't want to send a friend somebody that you trust. 0:20:49.440 --> 0:20:51.359 You wouldn't want to send a friend your social security 0:20:51.440 --> 0:20:54.560 number over email. It's a bad idea. Um, that's why 0:20:54.560 --> 0:20:58.320 I just tattooed on the bomb on their feet. So 0:20:58.440 --> 0:21:01.720 you should also not be Jonathan's friend. Yes, it's a 0:21:01.720 --> 0:21:09.199 painful experience, believe me, um, I hate that screaming. Also, again, 0:21:09.440 --> 0:21:12.480 be very careful looking at the and look at the 0:21:12.560 --> 0:21:14.919 U r L s that they're asking you to click on. 0:21:15.520 --> 0:21:18.920 If it doesn't look like something related to the company, 0:21:19.000 --> 0:21:22.240 don't do it. If you have any question at all, 0:21:23.040 --> 0:21:25.080 I mean, if you have that pausing and now it's 0:21:25.080 --> 0:21:28.520 probably okay, don't have that pause right now. Get in 0:21:28.520 --> 0:21:31.080 contact with them, say are you really you know, you 0:21:31.359 --> 0:21:33.399 look at the number that you know is actually the 0:21:33.440 --> 0:21:35.640 number for that company and say, hey, I've got this email. 0:21:38.040 --> 0:21:40.280 This is this is a real message. Do you really 0:21:40.280 --> 0:21:43.000 want this information from me? And you know, if if 0:21:43.040 --> 0:21:45.240 they give you an email or phone number in that email, 0:21:45.240 --> 0:21:48.280 I wouldn't trust that anything. Most of these companies, these 0:21:48.280 --> 0:21:51.399 companies should all have the information they need already from you. 0:21:51.520 --> 0:21:54.520 They should not be asking for it again. If they 0:21:54.600 --> 0:21:57.000 are asking for it again, that's indicative of one of 0:21:57.040 --> 0:21:59.640 two things. Either you're getting a phishing email and someone 0:21:59.760 --> 0:22:01.800 is trying to get your information so that they can 0:22:01.840 --> 0:22:05.240 they can take advantage of you, or the company that 0:22:05.480 --> 0:22:08.160 is doing your business shouldn't be doing your business because 0:22:08.200 --> 0:22:13.480 they have been uh irresponsible managing your data. So either way, 0:22:13.680 --> 0:22:16.280 it's either way. The answers. Do not give your data 0:22:16.359 --> 0:22:19.680 over email. UM. And another thing to look for is 0:22:19.720 --> 0:22:22.240 in the u r L. Look for h T T 0:22:22.520 --> 0:22:24.800 P S if it's a secure system, and look at 0:22:24.840 --> 0:22:28.600 that little lock symbol. That's an indication that it's a 0:22:28.600 --> 0:22:31.640