Cyber Crime Junkies
Entertaining & Sarcastic Podcast about dramatic stories on cyber and AI, which actually help people and organizations protect themselves online and stop cybercrime.
Find all content at www.CyberCrimeJunkies.com and videos on YouTube & Rumble @CyberCrimeJunkiesPodcast
Dive deeper with our newsletter on LinkedIn and Substack. THE CHAOS BRIEF.
Expert Panel | META's Hidden Data Collection Scheme Finally Exposed
New Episode🔥The Cybercrime Junkies Chaos Panel with inventor Mike Acerra founder of LuxBlox and Dr Sergio Sanchez. The show dives into the world of cybercrime and cybersecurity, offering insights for cybersecurity for beginners and seasoned pros alike. Learn about the latest threats, including ransomware and malware, and the minds of the hackers behind them. Stay informed and protect yourself from cyber crime.
CHAPTERS
00:00 AI and Identity Theft
08:10 AI clones your voice and steals your job
16:35 Mexico's government gets hacked using Claude AI
24:30 UFO shoes website scam drains credit cards
32:20 Dubai bombing victims targeted by fake crisis center
40:12 Kids raised by iPads instead of parents
48:00 Hacker Hype game begins with famous breaches
56:30 Ransomware negotiators running their own scam
01:04:40 Healthcare ransomware attacks force hospital shutdowns
01:12:30 Grandma's nursing home drug dealing operation
Exciting announcement for our podcast listeners. Our non-fiction true crime book MOVING TARGET: ART OF ONLINE CAMOUFLAGE was just published. Three years. 400+ interviews. A new trilogy. Book 1 is out now, available on Amazon. We are all Stevie Parker.
Moving Target: The Art of Online Camouflage is available now https://a.co/d/01fq72zj
Growth without Interruption. Get peace of mind. Stay Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com
🔥New Exclusive Offers for our Listeners! 🔥
- 1. Remove Your Data Online Today! Try OPTERY Risk Free. Sign up here https://get.optery.com/DMauro-CyberCrimeJunkies
- 2. Or Turn it over to the Pros at DELETE ME and get 20% Off! Remove your data with 24/7 data broker monitoring. 🔥Sign up here and Get 20% off DELETE ME
- 3. 🔥Experience The Best AI Translation, Audio Reader & Voice Cloning! Try Eleven Labs Today risk free: https://try.elevenlabs.io/gla58o32c6hq
Dive Deeper:
🔗 Website: https://cybercrimejunkies.com
📰 Chaos Newsletter: https://open.substack.com/pub/chaosbrief
✅ LinkedIn: https://www.linkedin.com/in/daviddmauro/
📸 Instagram: https://www.instagram.com/cybercrimejunkies/
===========================================================
speaker-0 (00:03.436)
A contractor in Nairobi is likely drawing little boxes around your wife's body right now. Annotation boxes labeling her body parts. So Meta's algorithm learns what undressing looks like. And that's not conspiracy theory. Those are literally in the terms of service for those stupid Ray-Ban glasses seven million of you bought. Look six pages deep in those terms of service. There's a big clause. Humans may manually review your footage. Seven million pairs sold last year. Zuckerberg wants to double production with 20 million walking cameras by Christmas. And Meta's official response? We take privacy seriously. Same line they used after Cambridge Analytica. Word for word.
Have you ever noticed how "we take privacy seriously" is always past tense because they take it seriously after they get caught, never before. It's funny how that works. Today, we brought inventor and philosopher Mike Acerra and Dr. Sergio Sanchez, a CISO author and former executive at Apple and Activision, into the studio to break apart everything from deepfake job interviews to ransomware negotiators skimming off the top like a Vegas hooky. Turns out the people you're paying to protect you might be the ones robbing you blind. This is Cybercrime Junkies and now the show.
speaker-0 (02:13.292)
the draft copy? on. Yes. Welcome everybody. I'm Crime Junkies. I am your host. David actually have always gone by Dean Morrow in the studio today. We have inventor Mike Acera. Mike, how do you do you say your last name? Acera? Acera? I've always called you Acera.
speaker-2 (02:15.018)
suppose next
speaker-1 (02:37.422)
It's a chair. You roll the arch. So we changed it 100 years ago. My grandfather came here. He changed it to a Sarah because he was in Chicago and they all talk. I hated the sound of my name growing up, especially the Chicago wine. Sarah, I changed it back in college. I I'm to go back to a chair. So I don't care if people can't say it.
speaker-0 (02:49.208)
We wanted to.
speaker-0 (03:00.79)
I like it. I like it. And also in the studio is Dr. Sergio Sanchez with a big announcement. Hello, everybody. Welcome guys. Two of my favorite inventor creators and guys that have lived multiple lives so far. I can't like so for people that may not know Sergio, medical doctor, came to America, became a citizen.
Worked for Apple, managing hundreds of geniuses. Worked for in game design with a company that ultimately bought by Activision, developing like really cool games. Mike and I went to college. I also went to college with Mike's smarter better half, Heather, and Mike is an inventor.
the CEO and founder of LuxBlox, an artist, traveled the world, lived in like a hut for a while. Like we've all, you guys have so, so many, there's so many books there. But speaking of books, Sergio has a new book.
speaker-2 (04:12.05)
Yes, this is the draft copy. It's not the official one. The official one is coming out March 16, available in Amazon, basically. Like everything else in the world. It's a little bit my idea of what will happen if AI, artificial intelligence, get to the point to be super artificial.
speaker-0 (04:22.84)
Yeah. Everything else in the world.
speaker-0 (04:38.008)
Right, when it becomes truly sentient, right?
speaker-2 (04:41.166)
when the singularity happened is about what happened if it's a good thing or what happened if it's a bad thing so that is in the book is a novel which is so funny I finished to write the the book basically last month February and at the moment that I was typing the last chapter mold book shop
speaker-0 (05:09.25)
Right, Moltbook with OpenClaw? Yeah. Right.
speaker-2 (05:11.608)
Yes, and I have to change my prologue. Wait a second, I thought this was going to be a fiction. Now I know about this.
speaker-0 (05:21.326)
So, Moltbook, we love talking about this because Moltbook came out and it's open source, right? Anybody can download it and it is an agent. You just download it on your computer and you just tell it what to do. Like go through all these files and like, tell me what I'm missing. Tell me what I can do with it. Tell me if I should be emailing people, contacting people, what should I do? And then you leave.
You go like drive your car, you go to the park, you walk your dog, you have dinner with the family, whatever. And then like, meanwhile, Moltbook, I'm sorry, like OpenClaw is doing all this work. It has literally figured out there's phone calls to be made. So it clones the voice, goes and gets a burner number off of Google on its own while you're at the park and will make
speaker-2 (06:19.424)
in your day.
speaker-0 (06:19.904)
I've seen a video where a guy has this installed and all of sudden his phone starts ringing. It's like, my AI assistant is calling me. I'm like, what?
speaker-1 (06:28.142)
It copies your voice?
speaker-0 (06:30.336)
It can, yeah. Like it either grabs one from Eleven Labs, but if you have your own voice selected, it can do that. Freaky.
speaker-2 (06:39.97)
Well, let me tell you, yesterday I was reading, it's a new company called Mail Agent. Sorry, Mail.to. that you can now give email address to your agent. So, that's his own private email address.
speaker-0 (06:46.637)
I think.
AgentMail.TO, okay.
speaker-0 (07:01.59)
And then it's just going to start emailing as you out to tons of people.
speaker-1 (07:09.736)
LinkedIn I think is riddled with fake people now because I'm getting these messages and they're too good-looking and I asked my AI say is this real gets woman real and she's like well if she's not real she's doing a really good job, know, but I know And it might be a woman real moon whose it's her agent But the follow-up clicks right on the messages are instant, you know, I mean, it's just too you know, it's not right. Yeah
speaker-2 (07:33.71)
I agree. Let me tell you something that I found now some companies doing and this is legal and it's happened to me. So it's a company. will not mention names right now, but contact me like a, Hey, we have an amazing opportunity for you executive position that pays 400.
So you go and search the company and the company is real. Me being the CISO of my company, I have to be sure that everything that I read is real. So yes, it's real. They are located somewhere in England. They have locations everywhere. But what they do is they contact high level executives in the companies offering a job, a better job than the one they have.
like at the dream job. So when you contact them and by phone, this is or by zoom. So you see a real person, you are talking to a real person. I'm sure they are. But the thing that happened is now that I have you here, yes, I will do this for you. And this company is great. And I will talk with a manager that is hiring over there, blah, blah, blah. But in the meanwhile, do you have any positions to open in your company?
speaker-0 (08:51.128)
So then, man.
speaker-2 (08:53.858)
well, I need these, these, perfect. And then it's a game, like, perfect. I will contact you with these people that we have already here that they are good for this position. Meanwhile, we are looking for you another job over there. So when you play the game, like, yes, I need a programmer, a developer. great, excellent. And they send you real people. And you talk with real people. But that is the hook.
You understand? Like they want to get people in a position that they are able to hire somebody else. And of course, part A, you offer me to be a president of this little country. What happened with that one? We need to talk with people and we need to talk with the people. so they extend it until you get a job for whatever they're offering. So.
speaker-0 (09:48.014)
man, so yeah, and there's so much room to exploit that, right? You know, somewhat related, was talking to a, you know, we do cybersecurity services, right? So I'm talking to a business owner, small shop, like they build, they do apps that help law firms, right? And they help law firms with like e-discovery.
speaker-2 (09:49.74)
there of fraud and
speaker-2 (09:55.704)
Yep.
speaker-0 (10:14.882)
depositions, things like that. And so they need some coders sometimes. And they're based in Nashville, Tennessee. And they went and were interviewing several different people for this role. They didn't have to, it would be great if they lived around Nashville, but they were entertaining some people around Ohio, Kentucky, Missouri, stuff like that. They didn't want to get anybody overseas.
They got in a whole bunch of resumes. And this was right through LinkedIn, right through Indeed, right through, you know, the regular job boards. And these people, the resumes were perfect. I mean, perfect. Like, they have experience in legal field, developing these types of things. They get on the interviews with these people and they look exactly like the person that they claim to be.
But after a while in the questioning they could tell something was up like they didn't really have the knowledge and there were some pauses in the interview Fast forward to the end when I was talking to them They had 15 interviews For the candidate right which is a low number, but it's a small firm only like 20 20 employees or so 15 interviews eight of them
wound up being AI deep fake interviews. Eight of them, more than half. That's a significant portion for a small business. Real time interviews. It was a stolen identity, right? They use stolen identity. They were calling from overseas. They were using an AI filter, right? If they had to be a 40 year old Asian woman, even though they are
speaker-1 (11:48.236)
Real-time interviews.
speaker-0 (12:07.278)
a man who's in his 20s, let's say, right? They used AI deepfake technology and they would sound exactly like that person and look exactly like that person that they had on LinkedIn, that profile that they had on LinkedIn. But that profile on LinkedIn was fraud. It was a stolen identity that this group had created. They had created hundreds of them and they would go and apply for different jobs. And the whole goal
He stopped one of the interviews. reason he found out about it is he's like, stop. This is like the third or fourth or fifth one that I've seen. He's like, just tell me what's going on. I won't turn you in. I just want to know what's going on. And the guy actually like, for whatever reason, maybe his keeper wasn't around or something, took off the mask, turned off the virtual camera, right? And it was a dude. And he was like, he's like, I work at a call center.
He's like, we just do this. He goes, well, what's the plan? What were you trying to do? He's like, we just wanted the paycheck. He's like, we have a whole team of people, some of which have the skills that you need. We would do just enough to not get fired and make it last. The goal is to make it last a year. And they just wanted the income because we don't trade with them. We don't give them income. is. It's it's.
speaker-1 (13:27.291)
It's more sad than infuriating.
speaker-0 (13:31.21)
It's very complex, like the social dynamic. It's like when Sergio and I interviewed this retired FBI guy who went just got back from Cambodia and met the people that were working in these scam centers. It's human trafficking. They're not even voluntarily being mean to us. They work for they thought they were getting a job. They started out the job, set up their pay.
They went there and then they're like, hey, let's go take a job. Let's go take a ride over to corporate. They go over to corporate and there's like a gun put to their head. They're put up in these scam centers. They're removed from all communication to their family. And they are like threatened with like violence and a cattle prod, an electrical cattle prod. If they don't scam Americans and hit a certain quota. I couldn't even believe that was real.
speaker-2 (14:22.924)
Dave, let me tell you.
speaker-0 (14:26.195)
Let alone like a big organization.
speaker-2 (14:28.672)
Let me tell you, last week, one of my friends from my class sent me a message, like, is this real? Because sounds very attractive to me. And he's a retired guy, he's my age. And, know that I'm going to retire.
speaker-0 (14:40.556)
Right.
But no, I know, I know I'm working until I'm working until somebody kicks me over and just starts doing the podcast. Yes, exactly.
speaker-2 (14:50.03)
My retirement plan is called The Rapture. The funny part here is he sent me this message from a company that's offering $5,000 a week. $5,000 a week. He's in Mexico. And the message says,
speaker-0 (15:07.694)
That's lot of money in Mexico. A lot of money.
speaker-2 (15:10.018)
Yes, but the funny part here is we are looking for somebody that lives in Mexico and speak 100% Spanish. So the first mistake there, like, hey, did you notice that, I don't know, 99.9999% of Mexicans speak Spanish. So first thing there, like, you want somebody that lives in Mexico and speaks Spanish.
speaker-0 (15:28.974)
Right,
speaker-0 (15:34.414)
Speak Spanish.
speaker-2 (15:35.906)
Okay, and it's Mexican. All right. And the second one $5,000 for just making calls. So I went to check the company name. The company name is real. It's a company that is based in Australia. But the funny part here is kind of for the company is to teach AI.
speaker-0 (15:45.462)
I'm moving, because that sounds like a j-gig.
speaker-0 (15:54.624)
Okay.
speaker-2 (16:02.816)
And suppose the thing is you can work remotely and you will be teaching this machine, blah, blah. But then the information to contact the company is in India. Okay. And the phone number is in Cambodia.
speaker-0 (16:22.382)
So it's all just... Yes.
speaker-2 (16:25.678)
So the thing that when pick your attention you go to the Company website that is a real company is a legal official correct company But the information that they are giving you in the whatsapp Is contact this number and the number they are contact after you saw abs is real. It's in Australia. It's in her great Yes, they are offering me this money. Let's
speaker-0 (16:52.098)
Well, it's right. It's what makes, you know, the old social engineering attempts and the old, know, Mike and I were talking about this just yesterday where you're talking about the these threats and these psychological manipulation that they're doing. It's been around for hundreds of years. They're just doing it at scale now. They think it through, right? They're like, well, what are will Americans do or?
speaker-2 (17:14.854)
of the
speaker-0 (17:21.262)
people in Mexico. Well, like what will what will what would a reasonable person do to check us out? Well, they would go to a website. Do we have a legit they'll they'll create a legit website. Are we a registered business? Sure. Bob and I created a business. I mean, it's just they go through all of the elements. Do we have the certain employees on LinkedIn? Sure. They just create them. They put them on LinkedIn. Like so as you're doing your checks, you're like
speaker-1 (17:36.202)
story today about that.
speaker-0 (17:49.44)
Well, looks real, right? looks like it like depending on how many layers you peel back the onion, you're kind of able to able to see it. But anyway, this is a chaos episode. Let's get right into it. And then we're to play Hacker Hype because Mike hasn't played and I
speaker-1 (18:06.674)
So watch Sergio play. With his better hair, with his dry hair, the big hair.
speaker-0 (18:14.914)
He's I'm just telling you, I'm very, I'm very, I'm very just I'm up to I'm going up to Ohio in a couple of weeks to whenever, whenever he tells me. So I'm going to just get near him and just try.
speaker-1 (18:27.598)
Where in Ohio are you? city?
speaker-2 (18:29.71)
My company, well, the company's in Kent, close to Kent University, State College, yeah, Kent State University, the famous one from there. originally, you know, we are, you know, close to Stow, Ohio. That's a little, little town close to Kent. We are 35 minutes south of Cleveland.
speaker-0 (18:54.19)
Yeah, my daughter and my grandson actually live right there in Talmadge. Yes, there you go. It's all these are all little towns right by Akron. know, Akron is a little town south of Cleveland.
speaker-1 (19:06.862)
I found I was reading about Kent this morning as I was looking up I was kind of mad about you know, Iran You know sounds like what when when it when do you hang your flag upside down? just looking it up and it said Here's a few things. Well, it did it said Kent State is at the Vietnam War especially Kent State University people hung their flags upside down like Interesting and then you're talking with him stay. Yeah
speaker-0 (19:30.318)
Isn't that? Well, and the famous Neil Young song, Ohio is about. Yeah, yeah, yeah, yeah. It's fascinating. One of my my kid I grew up with, who's actually an actor out in Hollywood now, B actor, but he's he's had a lot of roles and he's also a stunt man. But he and I grew up together and he went to Kent State. He loved it. So that's.
speaker-1 (19:35.854)
Ohio.
speaker-1 (19:56.842)
school.
speaker-2 (19:57.23)
It's a beautiful list.
speaker-0 (19:59.04)
It's beautiful. The campus we used to live right by there. lived over near Rootstown there and we would go there on the weekends and stuff. It's fantastic. Yeah. So let's, let's, let's do the stories. Mike, go ahead.
speaker-1 (20:07.214)
Want to hear my cyber story?
speaker-1 (20:12.526)
Okay, my story involves a guy who is a of mine. He's actually family number two. He's a boomer. He tried to get out of the Vietnam War, but he finally got his number. And so he joined the Navy and he to the Great Lakes up here in Chicago. But he was very clever, smart guy. he opted into cyber.
So he was, he was a spook and he would put the earphones on and he'd listen to signals. Right. And so he, so that's his background. This was back in the seventies and he heard lots of interesting things, but he was on, he was on what would become the internet way before anybody else got to see it. They had their own version of the internet that was real back in the seventies before it became. So anyways, but jumped to today and he likes UFOs those shoes, UFOs. They're kind of like a little.
You know, you know, kind of like sandals and stuff. I think yeah ugly, but you know, they're plastic shoes He likes and they're very comfortable So he went to the UFO site and he made an order and it said all your credit cards not working He goes, oh shit. goes you can put a different credit card number in so he put a different credit card number in then he realized after that one failed that something was wrong so he backed out of the site and a week goes by and he sees he's a alert on his and his texts
speaker-0 (21:27.015)
That credit card has been used for multiple transactions.
speaker-1 (21:31.286)
So he caught one of them was a hotel in Seattle. So he calls the hotel up and they go and they said, yes, you're you stayed here the other night, Mr. Mr. So and so and.
speaker-0 (21:41.006)
Really? did I have for dinner?
speaker-1 (21:44.014)
They gave him the perps picture of his ID. This guy was like partying hard on this guy's credit card. So he called the Seattle police. They had no interest at all. They said, got to call your local police here in Galesburg. So he called the local police. They came out and filled a whole report out and nothing was going to happen.
speaker-0 (21:48.928)
they did, that's good!
speaker-0 (22:05.038)
think it was doing Galesburg. Galesburg is a adorable town. to college there, loved it. Always wish I could have. Yeah, but it's a small town. Like they're not going to have a cyber division necessarily in their police department.
speaker-1 (22:18.894)
I don't know what the recourse is to that just that it went nowhere. So it was a clone website. Ufos is a real company, but he went to a probably was like Ufos with two S's or something. I don't know what it was. He was like.
speaker-0 (22:31.844)
yeah, or sometimes it'll be like they'll they'll do what is it called Sergio where they'll use the yeah, they'll they'll use the Russian like the Russian. Yeah, it's Cyrillics. They'll do that like.
speaker-1 (22:45.342)
Also, if I just want to go to chat, sometimes Claude will come up first. And sometimes they look alike. There's also another one that says chat something. It almost looks like chat. So you can so easily click on the wrong AI. But anything. There's lots of stories. Because Google pushes up things to the top.
speaker-0 (23:03.726)
Well, and so to the sponsored ads pop up. That's what I mean. Google and Google and Meta don't care because the money's green. They don't care if it's a fraudulent site. It was right.
speaker-1 (23:08.054)
Yeah, you could get the wrong.
speaker-2 (23:16.238)
Meta says that they know that they had fraudulent advertising.
speaker-0 (23:22.014)
that's my story today that's my story no no i'm all over meta i'm like yeah no that's a good one
speaker-1 (23:27.308)
was my story. My story's over.
speaker-2 (23:30.702)
Well, very fast, Mike, let me tell you before I start my story. Mexico has a hacker using Claude to get information from the government. And the story doesn't finish there. I have a friend that called me last night and says, hey, my computer is doing something very weird. Is this a black screen showing up? So I connect to his computer and I know. All my friends and family.
speaker-0 (23:55.25)
You're like, you're like IT support. Like you really are. You've got, he's got a big like Facebook page and he's like, he does all this CD printing. you should find it Mike. It's Dr. Firmware, right? On Facebook.
speaker-2 (24:11.502)
I will pass my total information, but let me tell you. So I went to the computer and yes, you have PowerShell windows opening, opening, And yeah, the computer is infected. And when this start, like I will, he's a director of an insurance company in Mexico. He through the official.
speaker-0 (24:20.406)
My gosh.
speaker-0 (24:30.83)
I'm a great target though.
speaker-2 (24:34.53)
you know, government website for updates, blah, blah. And he says, after I sign in the website, I have a pop-up that says to get access to this website, the insurance official website, you have to download this and install. And my God, I start like, but that is a real thing. That's a real website.
So I will, I went to check the information in that website and it's a sign that says our website has been hacked now for four hours. Please don't log in. He didn't read that. So I told him, I sent him with a friend that also live in Mexico to clean completely that computer and thanks God his information, the important files are out. So.
speaker-0 (25:18.318)
Okay, good.
speaker-0 (25:22.638)
Okay, good. And separate and immutable, right? Like the important stuff is whenever you back up your stuff, and Mike, I'm sure you do this, but if you don't, it's always good. All your designs, all your inventions and all that stuff, have a backup of it clearly, right?
but also have that backup immutable. Immutable just means like air gapped. Think of it like an external drive, right? That's unplugged from your computer. So that way if your computer gets infected, right, the first thing they're going to do is take your backups. They're going to make a copy of your backups and they're going to go to that first before they even kind of let you know that they're in your system.
speaker-1 (26:05.848)
So what kind of gateway do you do? Like it's a one-way revolving door. How do you transfer information to something and then the door locks? How does that happen?
speaker-2 (26:13.856)
Let me tell you very fast, in the computer world we'll call it the 3-2-1. Three copies in two different locations and one of those locations is completely disconnected from the computer. With that in mind, you have applications that can help you put things in the cloud like a driver.
speaker-0 (26:34.926)
Cove is a good one. Yeah, there's Cove, iCloud, OneDrive, some of those things. It's good to have one backup and then have one that's kind of on something physical or something that's just...
speaker-1 (26:49.986)
literal here so if I put something on my regular PC and I want to put it to a different device you're saying don't do with the
speaker-0 (26:58.19)
disconnect from the internet, then download it onto the drive and then remove that drive and just keep it somewhere.
speaker-1 (27:10.242)
so when you do the transfer of information, turn your Wi-Fi off.
speaker-0 (27:14.7)
Yeah, or just or, you know, or just disconnect, like just remove like sign out of your browsers. That there's so that there's no like live traffic.
speaker-1 (27:21.205)
or sign up.
speaker-1 (27:25.243)
And then don't.
speaker-2 (27:25.922)
I have to tell you very fast also, Apple used to do this a long time ago. Used to call it the time machine. The machine was an application that required for you to connect external hard drive. So you used to have external hard drive connected, pop up, hey, you want me to back up? Yes. Do the backup, the time that is spent depending on how much information you have.
speaker-0 (27:32.908)
Yeah, I remember that.
speaker-0 (27:40.108)
Right.
speaker-0 (27:50.668)
It was basically a snapshot of your entire thing.
speaker-2 (27:54.008)
put it in that and then just to say it's disconnected now.
speaker-0 (27:57.502)
What I always found hard about that was getting it back like finding it I'd have to go through all these snapshots Yes, and they weren't labeled right so I'd have to guess I have my stuff right that I'm looking for right and it was like I didn't really love that now I just I
speaker-2 (28:19.394)
But now you can put the labels and bite. Yeah, much better because yes.
speaker-0 (28:23.092)
okay, it's better now. Yes. I have a drive over there that has like time machine stuff and I'm like, I don't even go to it because I'm like, I'd have to figure out like November 2024. Did I like have my crap together then or not? you know what I mean? I'm like, you could you go through and it's really it kind of rolls in like a three dimension with like the date and you're like just going and then you just click on one.
But I didn't necessarily, maybe it's just a user error, probably is. So I just couldn't figure it out.
speaker-2 (28:56.734)
Very fast. Let me tell you my story. So we discovered last week that United States and Israel attack Iran And Iran is start to attack everybody around And one of the places that they attacked was Abu Dhabi and Dubai
speaker-0 (29:07.244)
Yes, it was.
speaker-2 (29:19.158)
And sadly, was casualties, know, in hotels, locations were bombarded. And the sad part here, which is where you lose faith in humanity, is hours after Dubai suffered the attack, hackers, well, scammers, start calling people and says, hi, we are the Dubai Crisis Management Center.
We to know if you are okay and we will need your information. Basically, what is your name? What is your address? What is your social security number? you are okay. Perfect. Thank you. Bye. Next. In another cases, just to say, hey, all the phones are getting hacked by the Iranian government. So we are going to send you information of how to change your IMEI, you know, the SIM card basically.
Now SIM cards are not anymore, you know, the digital, I mean, the physical ones, they are digital now. eSIMs, they call it. So the person, yes, yes, here's all my information on my phone. And then click, no more service. Because now somebody...
speaker-0 (30:25.784)
Yep.
speaker-0 (30:34.638)
Now they've the SIM swap. Now they've done the SIM swap. there's some famous cases. Yeah, there's some famous cases about SIM swapping. The group Scattered Spider, which is a bunch of young kids, they've gone, they've really mastered SIM swapping. Because once they can take over that phone, they go in and grab the private keys from people's crypto wallets, and they target people that trade crypto. And they will go and they will steal all that money.
speaker-2 (31:01.76)
In this case, they start checking where is the information in the phone, get contact with the bank. The Bank of Hork is going to send the 2FA, MFA code and they are going to capture.
speaker-0 (31:14.346)
Yeah, yeah, they're able to get the code like you have no protection. They have your phone. They own your identity.
speaker-2 (31:20.558)
It's terrible because in moment where humanity is fighting each other and is people taking advantage of that.
speaker-0 (31:26.999)
Right.
speaker-0 (31:30.54)
Yeah, and I will say Iran too is, they do a lot of things wrong, clearly. But in terms of criminal hacking and like nation state hacking, like they are good. They're really good. They're one of the really top bad guys.
speaker-2 (31:45.528)
The arguing rate.
speaker-2 (31:50.348)
I have to tell you, we're watching a show in Apple TV and that is called Tehran. And it's an amazing show. And you see that all the people and he's filmed in Tehran. I don't know how they did that. Wow. you can see that the people want to get out of there. The people from Tehran want to escape.
speaker-0 (31:55.448)
the terrain.
speaker-0 (32:10.988)
They're all we're old enough. So when I was a kid living in the I lived in the city of Chicago and then lived out in the rural part. Well, even when I lived in the city, I knew people from Iran like they were they were moving here. They were starting businesses like it was an open, free society. It was like meeting somebody from France. It didn't really matter. Like and then all of sudden it stopped.
speaker-2 (32:37.806)
Yeah, the Shah then was removed and then the Ayatollahs start.
speaker-0 (32:43.478)
Right, unbelievable.
speaker-1 (32:45.486)
It both involves, now we know, fuckery both times. We installed the Shah and I think it was Jimmy Carter who kind of screwed the Shah. So fuckery goes all around and there's places in hell for the people you're describing.
speaker-0 (33:00.258)
Yeah.
speaker-1 (33:00.542)
Sergio, I mean, in the ancient battlefields there would be people that will go out in the fields and pick the pockets and kick the gold. Yeah, my dad's on World War Two. He fought in the Philippines and he saw fellow GIs. He called them hillbillies, and they kicked the teeth, they kicked the heads into the Japanese to get the gold out of their mouths. So demons come out in all different times, right?
speaker-0 (33:22.22)
Yeah. You're right. It's tragic. Speaking of demons, let's talk about meta. Now we enjoy the platform. We don't mind Instagram. We don't mind Facebook. Right. We leverage it. Yeah, compromised. Yeah, right. Yeah. And we're I mean, we're we're we're adults and we clearly are too old to have body images.
speaker-2 (33:23.407)
You're right.
speaker-2 (33:38.964)
Now to WhatsApp is part of
speaker-0 (33:50.646)
So body image issues. But I will tell you the story I have is several million people bought Meta's stupid looking Ray-Ban eye glasses last year. And Meta workers over in Kenya just told journalists that they're watching footage of strangers undressing, having sex and using the bathroom. So a Meta customer places his glasses like on the nightstand.
right walks out of the bedroom. Wife comes in, takes off her clothes, and then a contractor in Nairobi draws annotation boxes around her body parts so that Meta's algorithm learns what a woman, a bedroom, and undressing looks like. This is like legit what's going on. So the marketing that the eyeglasses does, right, shows concerts and hiking trails, main character energy.
Right. But six pages deep in the terms of service, there's a clause in there that says humans may manually review your footage that nobody knows about. So and Meta is planning to double production to like 20 million pairs this year. So there's going to be like 20 million cameras walking around, walking people, watching people undress, use the bathroom. And like, I don't think a lot of people are good with that.
You know, Zuckerberg's response and Meta's corporate response is we take privacy seriously. But then again, they're on trial right now for not necessarily doing that. And that's the same thing they said after the Cambridge Analytica thing years ago. So to me, I was just shocked. Right. And it makes me want to like next time I see somebody wearing them at dinner, I'm going to like walk up and remind their partner.
You know what I mean? Like, you know, there's a decent chance someone in Kenya is going to be watching you undressed.
speaker-1 (35:51.246)
But are you kind of shocked that you're shocked? I mean, I'm shocked that you're shocked. I think this thing is listening to me all the time and all my friends do too. And I took TikTok off my phone because I saw its terms of service. I read the novel. So I just think that the CIA and NSA and the Mossad and the CCP, they all want this. And I don't believe for a second they're not listening to us. I just don't.
speaker-0 (35:54.462)
Yeah, I guess maybe that's
speaker-0 (36:16.354)
Yeah, I mean, and I don't think that you're wrong, and I don't think it's necessarily always for bad purposes. Yeah. Such an optimist, I believe in.
speaker-1 (36:26.222)
I don't think it's for charity.
speaker-2 (36:29.57)
Mike, I have to tell you something.
speaker-2 (36:36.162)
No, I'm not going to convince you, but let me tell you, I believe, and this was before quantum computing, that the more people get devices that they are paying attention of what they're doing, is so much amount of information now that they have to capture. I know enough computing and human power to be checking all that.
speaker-0 (37:05.538)
I think that was my point. I think it comes into play when they're trying to identify cells in the US. They're trying to identify arms trafficking, human trafficking, gun running, like drug smuggling and stuff.
speaker-1 (37:21.902)
but the problem is when they pick a poison they say oh yeah today's new terrorists are conservative catholic men. Yeah. Right. And you say Christ is king or something that's going to be a flag on their system they create an algorithm for who they want to find. Yeah good. They go rabbit hunting.
speaker-2 (37:28.502)
Right.
speaker-0 (37:35.79)
point, isn't it? And I thought that we were just a target of the left, right? Like I just thought, I thought I was just a target of the ladies on the view, right? Like the conservative Christian white male was the enemy, right? Because we're
speaker-2 (37:36.968)
You're right.
speaker-2 (37:52.322)
They that can change any day to the opposite
speaker-1 (37:55.182)
Exactly. Right. Yeah, it's the it's the principle. It's not the person exactly. Yeah
speaker-2 (38:00.418)
Sadly, you know, we live in a world that I don't know if we are prepared to live, if our mind is prepared to live. And this is funny. I, being a doctor, I always have the idea that our body didn't have the time in evolution yet to be eating the things that we eat today. know, increasing obesity everywhere in the planet.
speaker-0 (38:22.798)
track.
speaker-2 (38:27.786)
is because the reason of when we are becoming homo sapiens, we were every single day running behind a mammoth, a deer, it was, but you was running, you was hunting every day. And if that day was your lucky day, maybe you have food that day. And the woman every day walking and looking for vegetables or beets or whatever was available in the floor.
So we spend all our time.
speaker-0 (38:58.638)
You know, it's it's humankind and our physical development is at this level going at this stage. Meanwhile, technology has well, you know, financially increased and there's a huge exploitation.
speaker-1 (39:14.478)
We suffer from a curse of wealth is what he's saying.
speaker-2 (39:18.474)
Yeah, not only wealth time Time in our hands is the worst because if you don't have time you will go to a fast food restaurant to get whatever you want At that moment because you don't have to time to go to the grocery store. You don't have to time
speaker-0 (39:35.886)
Sit down for a meal, all of that.
speaker-2 (39:38.88)
or the opposite direction. You have plenty of time that now everything that you need to do is done because all the technology around you. And then you are watching just TV eating something because you are bored. The same thing with technology to me. Are we prepared to have all the technology that we have today and handle it correctly? That's the main question because now, you know, I have grandkids.
speaker-0 (39:50.542)
Right.
speaker-2 (40:04.534)
And I noticed that my daughter, the nanny is called Apple iPad. So when my little granddaughter is bored or crying or is fussy, here's the iPad play. But now how long, you know, how much time these kids are spending in front of a screen and what is this?
speaker-0 (40:21.068)
Right.
speaker-0 (40:29.164)
Yeah, we used to, I used to have cartoons on and I know we sound old, but we are like we used to have cartoons Saturday morning. Saturday morning was a treat. Monday through Friday, right? The sun would come out, the door would open and my mom would be like, come home when it gets dark and you were going and you were out there like, you know, like Lord of the Flies, like hanging from things, breaking stuff like
You know what I mean? Like you're like, how did we survive a and then how did we not get arrested? B and thank God there wasn't Facebook then. Right. But but all those things now, it's just it's constant. My grandchild has a television going or an iPad going. And every time I talk to my daughter, I'm like, get him to a park, like take the screen away.
speaker-1 (41:22.654)
That's job to say that to her. Jesus talked about how he's saying he's sowing enmity between brother and sister, between father and son. To be a Christian, to be a good person is to be an offer of fraternal charity and correction. And Sergio is saying he sees the crime that's happening to his grandchild, he's got to tell his daughter. And she might not listen to him, but that's the only way culture corrects itself. You can't rely on Silicon Valley to give us guidance because they're just making money off of
speaker-0 (41:25.4)
Yeah.
speaker-0 (41:50.478)
That's the whole thing, right? And that's what we're seeing that with Meta right now on with the trials. And I mean, there's I think 1500 cases pending. So this is going to be going on for a long time. No, until it changes. You can't. They're not going to self-regulate. They're not going to just do the right thing, partly because they themselves have investors who have demands.
speaker-1 (42:13.064)
The end of shareholder capitalism is an unconstrained system because you want to have a government that does have regulation that does constrain capitalism and when it's unconstrained and we're getting this this propaganda that greed is good and when you are just when you're balling and you're on your Instagram on your jet that's that's success that is happiness and kind of preaching but the idea is is that billionaires win you know and wealth wins and everyone's got their 401k in these kind of evil companies
that are making the foods that are killing the Mexican people and hey I'm good why should I care so that's the problem is this is uncontrolled greed unregulated capitalism it gets out of control I think
speaker-0 (42:54.606)
Yeah, and it's really systemic and that's part of the reason I think Sergio and I like cybersecurity a lot because it is really a river that flows through every aspect of all of our lives. Like it is because we don't just talk about cybersecurity at the corporate level. Like there's, you you can have all the rules and regulations and systems in place, but when...
you know, Sloan Maddox, you know, is over in the third floor cubicle with 27 browsers open, clicking on links like it's an Olympic sport. All your systems are not going to help you anyway, right? Because she hasn't protected herself. She hasn't like thought, how do I reasonably use and have life balance? How do I reasonably engage with technology? How do I keep myself secure? How do I keep my family secure? Right. And that doesn't just mean
security passwords and multi-factor authentication, blah, blah, blah. It also means the use, the addiction, the technology addiction that we have. I read a recent report that we pick up these things, our mobile phones, 264 times a day. On average in the United States, 264 times a day. And that's across generations. Some of the younger generations, it's higher. So the Delta is getting worse, right?
That's an issue, right? That's not only a cyber security issue, a risk issue, but it's a human issue.
speaker-1 (44:26.798)
It's an old issue. It's an old issue. It goes back to the vices. There was sloth, right, and vanity. All these vices were part of the subsidiary of sin, right, are these vices. And this is a vice. In fact, I'm in this men's group, this Catholic Bible study group. we're giving up for Lent. And so many of men are giving up social media. Some of them taking their meta off their phone. I told you yesterday, I keep this downstairs. I don't let it in our bedroom. So I just...
speaker-0 (44:55.502)
I love that idea. did that last night and slept like a baby.
speaker-2 (45:01.838)
Let me tell you something. I don't know if they told you that I used to work for the Catholic Church here in United
speaker-1 (45:14.638)
Yes. Wow.
speaker-2 (45:16.45)
The order that I have from the high level, the Roman Curia, was that teach the priesthood here in the United States to use technology. And that was an amazing experience, but at the same time, it was a nightmare. Imagine that out of the blue, you have to teach somebody that never ever used a computer or a phone to do their job.
speaker-0 (45:33.976)
That's a nightmare.
speaker-2 (45:44.204)
because really the main tool for them is the face-to-face interaction with people. Now you have to tell, well, now the archivists, the cardinals, the Pope want you to use email. And I have to teach you how to use MFA. And I have to teach you how to use your phone.
speaker-0 (45:48.684)
Right. Now, OK.
speaker-0 (46:05.442)
Well, think about that, right, because that's a rush to adopt technology. Whereas we started in the 90s, right, with email and then instant messaging. It has been a slow progression for us to kind of use it. then because then you understand the context of why MFA exists, why certain things exist, right? Because you saw what was happening before we all used it.
speaker-1 (46:31.086)
Catholics invented the book. I mean, so we've kind of we've been at the tip of the spear on technology a lot. And during the Middle Ages, we've preserved Socrates and Aristotle, the monks up in Ireland. So Catholics have always embraced technology. I mean, the Big Bang was discovered by or came up with by a priest and Mendel, who came up with genetics, rupees. He was a monk.
speaker-2 (46:52.526)
Greg is a moth.
speaker-1 (46:53.836)
Yeah, yeah, so Catholics are not anti-science. That's just propaganda. We just had a run-in with Galileo a little bit. I think it was after Galileo they said we ought to get out of the science business and let people just do science, right?
speaker-0 (47:05.484)
Ha ha.
speaker-2 (47:06.274)
Well, they have the Vatican Observatory, which is amazing. I've been there. Yeah. I was lucky to be there.
speaker-1 (47:09.986)
to do. Have you been there?
speaker-0 (47:17.006)
All right, gentlemen, I think it's time that we do. Let me see.
speaker-2 (47:23.784)
Ladies and gentlemen...
speaker-0 (47:26.488)
It is time for Hacker Hype! We can't wait! Tell us all about it! Well it's the greatest game show on the planet, our host reads a top headline! And you decide. Is it fake hype?
Pride is on the line along with winnings of $40,684 Cybercrime Junkies Dollars! Amazing!
speaker-0 (48:03.564)
Well, those are completely worthless but emotionally priceless. So let's get started.
speaker-2 (48:11.96)
with.
speaker-0 (48:19.288)
Are you guys able to see my screen here? All right. So I just tried to share it and it kicked me off. as long as you guys are able to All right. So we're to start our game of hacker hype, everybody. Inventor Mike and Dr. Sergio. What type of category would we like to start with? have. Data breaches, employee security mistakes.
speaker-2 (48:21.646)
Yes.
speaker-1 (48:22.082)
Yes, hacker hype.
speaker-2 (48:29.194)
You were able to see it.
speaker-0 (48:47.582)
cyber insurance essentials, ransomware and business costs, compliance and legal liability. We could even create our own. But I haven't created any yet. So let's just go through here. All right. Famous data breaches. All right. We're giving it a little time for Claude code to. OK, famous data breaches in 2013.
speaker-1 (49:00.782)
I was going to say famous data breaches.
speaker-1 (49:09.23)
Famous date of interest for 500, please.
speaker-0 (49:15.758)
Adobe suffered a massive data breach that exposed 38 million user accounts, including encrypted passwords and payment card information, making it one of the largest breaches of a software company at that time. Inventor Mike, is that made up? that hype or is that a true story? it a
speaker-1 (49:41.39)
I didn't know Adobe was a thing in 2013. I'm going to say hack. I'm going say hype. I'm going say hype.
speaker-0 (49:45.102)
Good observation. So he's going to say hype. Dr. Sergio, you're going to say real. All right. Let's find out. We're going to reveal the answer. Yeah. It is a hack. The statement is true. In 2013, Adobe suffered a massive data breach that exposed 38 million user accounts. that's actually kind of interesting, including encrypted passwords. This breach is real.
speaker-2 (49:48.718)
and I will.
Yes, it's real.
speaker-0 (50:14.478)
It happened in October. Adobe confirmed that hackers accessed nearly three million customer credit card records and login data for 38 million active users, which later got revised to 153 million. That's a big deal back in 2013.
speaker-2 (50:32.142)
Thanks God this was before they were using the new business model that they have to rent the software.
speaker-2 (50:45.27)
You remember it used to be Adobe CS. That is when that happened. I'm telling you because in the video game company in Activision, we use a lot of Adobe products to develop. I remember that call like, hey, change your.
speaker-1 (50:48.502)
Yeah.
speaker-0 (50:48.782)
us.
Now,
speaker-0 (50:59.982)
That's right. The Adobe Creative Suite.
speaker-0 (51:08.554)
Yeah, that's right. That's why I've got his credit card right here. So, all right, Dr. Sergio, pick a topic.
speaker-2 (51:17.122)
Let's go to industry compliance requirements. Yes, it's very dry, but let's see. Because I would also for famous data breaches, but let's switch it.
speaker-0 (51:22.478)
sounds extremely dry. Let's see.
speaker-0 (51:31.862)
Okay, under HIPAA regulations, healthcare providers can be fined up to $50,000 per violation with annual maximums reaching $1.5 million per violation. a single data breach affecting patient records could result in penalties exceeding $10 million even for a small medical practice.
Dr. Sergio, what do you think?
speaker-2 (52:03.51)
I think it's a hack. And actually they increased from $10,000 to 50,000.
speaker-0 (52:08.622)
Yeah, what do you think then or Mike? Okay, I like I like your confidence. Let's go with it. I don't think it's that high. I think it's I think it's hype. Let's see what happens. Let's reveal the answer. It is real. Holy cow. So even a small medical practice could in a for a data breach could be fine and HIPAA.
speaker-1 (52:13.752)
I think it's bullshit.
speaker-0 (52:36.238)
$10 million and that's separate and apart from like lawsuits that patients would file.
speaker-2 (52:41.774)
Yeah, I know somebody, a company that had to pay six million dollars. Wow. And that was cheap. And also you have jail time.
speaker-0 (52:53.9)
There's there's criminal penalties and brutal. Brutal. All right, let's talk about because this is something that organizations don't really talk about, and that is third party vendor risks, meaning organizations have trouble keeping Sloan from clicking on links all the time, right, herself. But there's also the fact that, well, right, we talk about like one of the bigger breaches that first got news.
speaker-2 (52:55.938)
metal. Yeah. Up to 10 years in prison.
speaker-0 (53:23.706)
like national news was Target. And it's significant because everybody's been to a Target, right? A Target shopping complex, right? All of us have. So what was significant about that breach, because it was huge, it was massive, right? Wasn't so much that Target got breached because they, in fact, had invested and had a really strong cybersecurity team inside.
What made that breach so significant was that it didn't, it wasn't caused by Target. It was actually caused by their HVAC vendor. Attackers breached that and the HVAC vendor had access to Target systems, which hadn't been monitored in the FireEye system, didn't have the automatic stopping, automatic remediation turned on at the time. So thought that was interesting. and great.
This is the question I just okay. Let's move on
speaker-1 (54:26.392)
I say bullshit, that's a hype. don't believe it.
speaker-0 (54:28.494)
No, I'm giving you, I'm giving you points on that one. Let's go. Let's go to the next one. Let's go to the next one. I can't believe that man. It's like one of the, let's see what it says. All right. Third party vendor incidents. Okay. In 2020, I just wanted to find one that I didn't just give the answer away in 2020. A scheduling software vendor's ransomware attack
speaker-1 (54:43.64)
did that.
speaker-0 (54:56.942)
forced over 1,100 dental and medical practices to shut down for nearly two weeks. So it was one of their scheduling software. Think of how many scheduling softwares there are out there. It caused an estimated $700 million in lost revenue because appointments couldn't be scheduled or accessed.
speaker-2 (55:22.892)
Mike, you go first.
speaker-1 (55:24.43)
It sounds like it well, I don't know it seems like everything's real in this game But it seems like an exaggeration like they just can't call people up So I can't believe that that much money was lost. So I say
speaker-0 (55:38.25)
I'm with you. think it's a hype. Okay. Okay. First of all, I have to adjust. got to adjust the code in this game clearly because I'm like, dude, you keep giving us real answers for everything. Yeah. Could you please rotate it more? And what's cool is it'll actually do that.
speaker-2 (55:39.918)
I say this is a hype too. Let's see. Oh, that's a hype. my God.
speaker-1 (55:55.022)
This game is called Hacker Hack.
speaker-2 (56:03.576)
Good that is telling you the company.
speaker-0 (56:06.432)
Yeah. In 2020, this was the Henry Schein dental practice management software breach. Henry Schein is a huge software company that does scheduling for dentists. It demonstrates that even routine business software from trusted vendors can become a single point of failure. Wow.
speaker-1 (56:25.838)
Can I say something real quick? So we've been noticing, I if you guys noticed, you know, like, you know, Bain, the one that Romney worked for Bain Capital, there's a lot of Bain Capitals out there and they've been, small town America has been just overrun with the consolidation of veterinary clinics and dental clinics. They're all becoming corporate. And see, when you go now, people used to go to their dog place and they get, you know, they might spend 30 bucks, whatever. Now it's a guaranteed $500, $700 visit because they got to get
always shots and always things. It's it's it's same with dental. Now you go to the dentist and they're like, oh, think you got to go to the oral surgeon to get this checked out. They're all referrals are way up because you're in a corporate system. You're not going your local guy anymore. so
speaker-0 (57:10.843)
KPI's right meetings. Yeah, PIs are like how many referrals did you do this week?
speaker-1 (57:16.77)
The lifetime value of your customer that's the looking at we want to own their credit card These are these like this old software thing right where it's like we've to own this It just it seems it doesn't seem I think it's insidious because they're getting these people in these small towns They're pension love them or pensioners, know, and they're they're like seven or dollars month or more. Yeah
speaker-0 (57:38.902)
Used to go into Jack Robertson, the dentist, right? Exactly. instead they go in and it might be Jack Robertson's dental practice, but they go in and it's actually a wholly owned subsidiary of this huge company. And they have meetings every single week, right, about their sales and their KPIs.
speaker-1 (57:56.814)
Yeah, so that's kind of like a cyber crime in a sense. People are getting their life hacked by big corporate interests that are so powerful and I don't know, I think it's just unfortunate. So, sorry. I'm going to be down there today.
speaker-0 (58:09.44)
No, but but it's a really good point because it touches on the cultural effect of all of us All right, Mike as our special guest you can pick the next category where this is our final category
speaker-1 (58:25.894)
I don't know enough about ransomware. So go ahead. Let's get ransomware business.
speaker-0 (58:30.136)
Ransomware is like the coolest part of cyber security. It locks it down. You can't access your own stuff. You get a little note on there. Like your icons turn white and there's just a text note. You open up that. It's the only thing you can open. You open that up and it says, hello comrade. It really is. it's literally like there's a timer that goes.
speaker-1 (58:34.734)
because it's exciting name.
speaker-1 (58:51.31)
It's like a Liam Neeson film, right?
speaker-0 (58:58.1)
and you have to negotiate and contact these Russian or Eastern Bloc ransomware gangs who are very good at their job. Like on a Tox channel and most small business owners don't know what a Tox channel is, right? Because we why would we? Right? Why would they? And you've got to download the Tor browser, you got to get on the dark web and go and speak with them and begin negotiating. That is like the reality of it.
And so it's pretty shocking. So let's see. After a ransomware attack, here's the question. After a ransomware attack, the average small business loses more money from operational downtime than from the ransom payment itself. The typical recovery taking 21 days and costing over two hundred and eighty thousand in lost productivity and revenue.
speaker-1 (59:55.982)
Who has to answer first?
speaker-0 (59:58.286)
Inventor Mike, do you think it's hack or do you think it's a hack?
speaker-1 (01:00:01.472)
I'm just gonna keep rolling on black. It's gonna be hype.
speaker-0 (01:00:05.302)
OK, you're rolling on hype. I have to search you. He thinks it's a hack. I will tell you. The reports that we always see always have inflated numbers. They're always like, you know, small business that makes three million a year. They're like, you know, if you have a data breach, you could lose 10 million. Yeah, I don't buy that number like, but it could be 280 grand, which would be huge. Yeah. Right. So the fact that it says 280 and doesn't say like 10 million.
I think it's a hack, but let's find out. I think it's real. It's a hack. It's true. After ransomware attack, the average small business, and this is when they say that they generally mean 25 users or less, 25 employees or less, small business, loses more money from operational downtime than paying the ransom itself. It's true, because if you have a $3 million business or $5 million business, the ransom might be 60 grand, 75 grand.
But the fact that you haven't been able to work, issue invoices, talk or communicate with anybody for three weeks on average, that's going to hurt more. Right. So this is true and often surprises business leaders who focus primarily on the ransom.
speaker-1 (01:01:20.462)
typically asked for in a ransom. Is it like 60?
speaker-0 (01:01:23.686)
They actually have a playbook and they actually go by your revenue. It's like a percentage of your your gross revenue.
speaker-1 (01:01:32.046)
And they probably figured out like it's probably just better off just to pay it off and let it go away.
speaker-0 (01:01:38.604)
Yeah.
speaker-2 (01:01:39.362)
You are trusting that the hackers are going to give you back their key, the information. You are crossing your fingers. It's not warranted. Correct.
speaker-1 (01:01:47.246)
There's no guarantee.
speaker-0 (01:01:50.508)
Which is why here's where we come to the best practice, the lesson time, right? The best practice is always to have like an incident response plan to have to practice that at least like once a year. It's like a fire drill that we all did as kids, but to actually know that meaning if this happens, unlikely, just like a fire drill in school as a kid, but in the unlikely event that this happens.
what will we do? We need to know that the first thing we're to do is this. The next thing we're going to do is this, et cetera, right? And one of the keys is in those incident response, those tabletop exercises is to communicate with the FBI and the Department of Homeland Security when you're doing the prep, because you want to give them all of your information. Like we have X number of servers. We use these, type of technology, blah, blah. So that way,
on the event of an incident like that, you can contact them immediately. You're already in their system. Because otherwise, when they're saying you have an hour to do this, you have a couple hours to do this, you call the FBI, you call Department of Homeland Security, they're going to take a few hours, if not a day or two, to learn about you and so that they can give you the advice.
speaker-1 (01:03:06.68)
So you don't just say, I'm gonna give you an hour or I'm gonna kill you and your whole family? You don't do that? No.
speaker-2 (01:03:11.458)
Gibson.
speaker-0 (01:03:11.822)
Exactly right. No, and you don't want to say that to federal officer. The hacker. No, that's true. That's true. But the but the you know, and their advice will always be don't pay the ransom. And they that is the line from the FBI. They always say don't pay the ransom. And part of the reason they say that is they have a bunch of decrypt keys. The FBI, because they do offensive the CISA and the NSA. They have
speaker-1 (01:03:15.259)
No, I meant the hacker. didn't mean the theropods.
speaker-0 (01:03:41.462)
They have hacked hackers. So they have a group of decrypt keys and they will be trying those out. So they'll say like, don't pay unless because we might be able to save you. Right. But even if they don't, they they caution and they help you kind of negotiate it. So it's it's a big help, but they can't really do much in time if you haven't talked to them ahead of time. So that's kind of.
speaker-2 (01:04:09.516)
Mike, that is a problem for the healthcare industry.
speaker-0 (01:04:13.555)
Huge healthcare is destroyed.
speaker-2 (01:04:16.91)
So in England, several hospitals got ransomware attacks. Even when M5 told them do not pay the ransom, Scotland Yard,
speaker-1 (01:04:29.73)
All
speaker-0 (01:04:30.51)
Yeah, Emma.
speaker-2 (01:04:36.75)
They have to because you have a patient that is in trouble right now that I need to know the medication, blood type. So I'm so sorry, I need to pay and cross my fingers that you're going to give me back the information.
speaker-0 (01:04:52.078)
Well, rural health care here in the United States. So I do a lot with the HIMSS organization over in Kansas and outside of Kansas City and a little bit outside Wichita. It's extremely rural there, right? And they have county health care systems. And I don't know if you've looked in the news, but a couple of years back, like they all got hit. And like
It was really bad. somebody is having a heart chest pains and things like that. They couldn't render medical care and they had to like ship them in an ambulance two hours away. People can die in transit. Right. And it's really it's really tough for them because they are a lot of them operate either as a nonprofit or, you know, even if they are a
a for-profit system, they're not making much profit. And so, you know, it's a really big struggle.
speaker-1 (01:05:51.63)
I have a question, this sounds really paranoid, but I know being an Italian American, there was the old shakedown, right, where you pay for protection. So has there ever been an incident where people who are doing the ransoms are actually selling cyber security?
speaker-0 (01:06:00.799)
Right? Of course.
speaker-0 (01:06:07.982)
Wow, such an interesting
speaker-2 (01:06:10.734)
Very good question.
speaker-1 (01:06:11.816)
That's a really good business model. That's an old Italian business model.
speaker-0 (01:06:16.12)
So, interestingly enough, Mike, listen to this. I just recently did an episode. When I say I did an episode, it means I researched it and I made calls to try and find out what the truth is. There is a couple guys. So what happens is there's this industry, it's a cottage industry, boutique industry, where they are the ransomware negotiators. So they get hired by the cyber insurance firms. They have agreements with law enforcement or they will advertise their services. So that way, let's say this happens and you call the FBI, you call somebody and they're like, we don't, we don't have anybody available. We can't help you. Or, you know, here's our stance. Call us when it's done. We'll fill out a report. Cause that does happen sometimes. So what they'll do is they'll call ransomware negotiators, these groups that advertise on their websites. And there's a firm in Chicago, one that was very popular, and they were the ransomware negotiators. What they were doing is they were actually doing two things and these guys just got indicted and they're currently facing trial right now. And what happened was they were doing two things. One, they were because you as a business owner, Mike, your business gets down, right? And I come in from Chicago. I got my silk suit on, my little tie, right?
speaker-1 (01:07:26.518)
Nailed it. Okay.
speaker-0 (01:07:42.19)
And I'm like, I'm a professional ransomware negotiator. And I say it in calm time. I'm like, I know the LockBit gang extremely well. And Akira, I know those guys I just negotiated. They were making a demand of 40 million. I got it down to two million. Right. So you engage us for, let's say, 80 grand. You pay us 80 grand. And we're going to go and we're going to negotiate with them. And actually, what they'll do is they'll say, well, you know, you don't even have to pay us. We will take a percentage of what we get for you, of what you have to pay in the ransom. Right. So first of all, that's the standard model. First of all, that model has issues because I get paid more if you pay more in ransom. Right. And what this what one of the guys who got indicted, what it was being alleged is they were negotiating with the ransomware gangs over in Russia for a million or 500 grand. They were telling the client they're demanding three million bucks. And out of that three million, you know, I mean, yeah, well, we'd get a million or we'd get 200 grand or whatever, but it's all going to go to them. And so they would get the three million from the client or from the client's insurance company, right? Right. Or the clients go take a loan out, whatever it is. And then they would pay the ransomware gang 500.
And there's also evidence of this because some of those guys have been caught and are in jail down in Texas. And one of the things those attackers, because when they travel outside, Interpol catches them. And then they come to the US, they convict them, right? Because they have hundreds of breaches worth hundreds of millions of dollars. But some of these guys are like, look, I got indicted and I know I get that I'm in jail and stuff. But they're telling me I have to pay restitution for like $8 million for this breach. We only got $800,000 or we only got $1 million. He has no reason to lie. He really does. Other than he just wants to cut down the amount that he's that they say he stole. But the truth is, is why is he making up that lie as opposed to another one? Right. It's because they probably did only get $800,000.
speaker-1 (01:09:45.256)
We a piece of it.
speaker-0 (01:10:03.306)
The negotiators were siphoning off the rest. You know what I mean? Like the bad negotiators. There's the vast majority in that industry are former law enforcement people. They're actually good negotiators, good people. So don't not bash in the industry. I am bashing those guys that were like they had the power because a business owner doesn't get on a talks channel, doesn't understand the dark web, like doesn't know how to negotiate, doesn't really know what sets half the time. It's in Russian. It's in foreign language. Have interpreters, right?
speaker-1 (01:10:36.952)
Humans are designed to game systems. I think we evolved that way, that people who game the system bred more, were attractive mates. I mean, that's part of being a human being is to figure out workarounds, right? And to cheat a system. It's all a game. It sounds evil. A hack. It sounds evil. It can be evil. A hack is a trick. The FBI probably hires a lot of those guys to help them fight those guys, right? Because it's all a game.
speaker-2 (01:10:57.07)
It's like
speaker-2 (01:11:05.378)
Mike.
speaker-0 (01:11:05.966)
Think about, think about Mike, when the mafia took over, I'm sorry, the outfit, I'm sorry, the Chicago outfit. But the group of organized crime individuals took over Vegas in the 60s and 70s, right? 50s, 60s and 70s.
speaker-1 (01:11:22.648)
With the mob, which was Jewish, yeah, it was Jewish and Italian.
speaker-0 (01:11:25.902)
Correct. They would make, let's say, three million legitimately on those casinos, but they lived for the 300 grand they would make on the skim. Yeah. Right. It was all about like, what can we make on the skim? Like, what can we steal? Like, that was the thrilling money because they've like, we've heard them talk about it and they're like, well, no, we live for the skim.
speaker-1 (01:11:50.584)
They're also laundering money too through it.
speaker-0 (01:11:53.356)
Yeah, but it's that, well, my point was, I think you're spot on about the human behavior. Like there's something more exciting about doing what they could get away with secretly than just the legit. They were making plenty of money legitimately, just running a valid casino, but they didn't want to do that.
speaker-1 (01:12:11.864)
they might have my dad was ridiculous he'd be plenty of my eyes nursing home and he wasn't a gangster but but that what the pharmacist that was certain service a nursing home it was a very valuable account right he just say you want you to do my nursing home i just need a little bag of money every every week paper bag by beg for money
speaker-0 (01:12:28.866)
Yeah, it was like that's what they live.
speaker-2 (01:12:32.812)
Mike, remind me next time to tell you the story of my own grandmother being the drug dealer at her nursery place.
speaker-1 (01:12:39.694)
I'd to hear it.
speaker-0 (01:12:41.007)
No, yeah, tell us that right now.
speaker-2 (01:12:42.658)
So very fast, I was doing my medical residence in the hospital location where also she had her nursery home.
So every chance that I had to go and have lunch or dinner with her, I take the time. So I used to go with her, blah, blah. And one night after dinner, I take her to her room and she is in the bathroom changing and she asked me to reach for something in her nightstand. So I opened the nightstand and I see all these pills. I think.
speaker-2 (01:13:23.266)
I called the nurse because it like over 300 pills. I called the nurse, my grandmother is still in the bathroom, and I said to the nurse, what is this? Why my grandmother has so many pills? It's always because she asked for, she says that she cannot sleep. So every day, every night, we give her a pill. And I tell her, no, my grandmother don't have any problem falling asleep.
speaker-0 (01:13:28.782)
My god.
speaker-1 (01:13:49.198)
She's hoarding them.
speaker-0 (01:13:50.926)
And then she's
speaker-2 (01:13:51.886)
My grandmother get out of the bathroom and says, Granny, we need to talk. Why you have so many sleeping pills? It's always because my friends come and ask for pills because the nurses don't want to give them the pills. Like, well, it's a reason why they don't to
speaker-0 (01:14:08.13)
There might be a medical reason why, right? Then, but so grandma, was she selling them to him? She just giving him away.
speaker-2 (01:14:16.812)
She was giving it because, yes, yes, exactly. So I told the nurse, look, I don't want my grandmother to get in bad shape with the friends, so let's switch it for placebo.
speaker-1 (01:14:19.764)
Goodness of her heart.
speaker-0 (01:14:30.082)
Yes.
speaker-1 (01:14:31.544)
is amazing.
speaker-0 (01:14:33.934)
Right.
speaker-1 (01:14:37.87)
My dad couldn't, my dad with our nursing home was full of many Italian Americans, lots of the families of the local, you know, mobsters. And so spaghetti was always in the menu and there's this little old man. He was crying and he's like, why are you crying? Because they won't, they won't let me have red sauce on my spaghetti. It was just white spaghetti. No, cuz, cuz he can't have red sauce. He's on a salt prohibitive diet. He goes, he's 94, give him some fucking sauce.
speaker-2 (01:15:04.462)
Thanks
speaker-0 (01:15:05.206)
It's just.
speaker-1 (01:15:08.047)
Yeah, it's so stupid. I mean, give them what they want, you know?
speaker-0 (01:15:12.586)
Yeah. I mean, give me. I was just going to say, like, what are they what what what harm are they going to do? But I mean, medical treatment was different back then. So when my dad passed away young, I'll just share one story. He had cancer and he was a Marlboro red smoker. But I would go and visit him when he was at Columbus Hospital in Chicago when I was down going to school. And he would in the hospital room.
speaker-1 (01:15:15.342)
Let them enjoy themselves.
speaker-0 (01:15:41.554)
Here we go. Hey Dino. He's like, put your hand on that sign on the wall. There was a no smoking sign in his hospital room. He would have me put this my hand over it and he would light up a cigarette in his hospital bed.
speaker-2 (01:15:55.214)
Well, he followed the rules, right?
speaker-1 (01:15:57.624)
Fun.
speaker-0 (01:15:58.038)
I'm like, what are you like? I remember being shocked then, but kind of laughing because I'm like, the guy's got like terminal cancer. Like, let him at this point. What you going to do? It's, you know, but it's also shocking today to think that you could like light up in a. Back then is when they had this smoking, remember the smoking sections in restaurants?
speaker-1 (01:16:11.03)
Yeah.
speaker-0 (01:16:24.332)
You would be in like the non-smoking section. There'd be the smoking section. Yeah. Like a foot away. know what I
speaker-1 (01:16:30.35)
I miss the really cool ashtrays. Remember, people had ashtrays? They're so cool. They're really nice ashtrays. I used to love playing with them as a kid.
speaker-2 (01:16:40.106)
In the airplanes still, you know, the signal.
speaker-0 (01:16:44.942)
Yeah, and you had like the blown glass ashtrays and stuff like that with all the designs. They were really cool. All right, well, gentlemen, this was a great talk. Thank you for spending Friday morning with me. I really appreciate it. That was really awesome. Good. I will let you know. get this one live and we'll talk soon. guys.
speaker-2 (01:16:54.158)
Thank
speaker-1 (01:17:02.698)
you, Sergio. Thanks,
speaker-2 (01:17:05.09)
Bye bye.