Bee Cyber Fit: Simplifying Cybersecurity for Everyone

Bee Cyber Fit: Impactful Cyber Scams in 2022 & Season 1 Highlights

December 13, 2022 Wendy Battles/James Tucciarone Season 1 Episode 8

Each year cybercriminals up their game with scams to trick us. 2022 was no exception.

Building our awareness and staying vigilant are important ways to avoid becoming a victim.

In our final episode of season 1, we take a look back at some of the biggest cyber scams of the year. 

Listen to this episode to learn:

▶️ How a disgruntled Cash App employee launched a data breach
▶️ Why a Red Cross data breach targeted highly vulnerable people
▶️ Why cybercriminals targeted Microsoft's reputation in a data breach
▶️ How $30 million of cryptocurrency was stolen from crypto.com (and how many victims got their money back)
▶️ James and Wendy's favorite season one highlights
▶️ Cryptocurrency - our buzzword of the day!

Calls to Action:

Ready to get Cyber Fit? Here are a few simple calls to action:

▶️ Read the Bee Cyber Fit winter newsletter for tips and tricks to avoid cyber criminals
▶️ Sign up for the Bee Cyber Fit monthly tip for timely cyber news
▶️ Learn about the New Year, New You campaign to build your cyber fitness in 2023

Mentioned in this episode:

Learn more about Yale Cybersecurity Awareness at cybersecurity.yale.edu/awareness

Never miss an episode! Sign up to receive Bee Cyber Fit podcast alerts.

[Bee Cyber Fit intro] 

Wendy: Welcome to the Bee Cyber Fit podcast, where we're simplifying cybersecurity for everyone, where we cut through confusing cyberspeak and make cybersecurity simple and easy to digest. I'm one of your hosts, Wendy Battles.

James: I'm James Tucciarone. Together, we're part of Yale University's Information Security Policy and Awareness Team. Our department works behind the scenes to support Yale's mission of teaching, learning, and scholarly research. 

Wendy: Ready to get Cyber fit with us? 

[theme music] 

Hey, everyone. Welcome to another episode of the Bee Cyber Fit Podcast. We are so psyched you're here. This is the place to come for information and inspiration about how to stay safe online. James, I cannot believe this is Episode Eight, our final episode of Season One. How is that even possible? 

James: I know, Wendy. I can't believe it. It's been a lot of work, but it's really flown by. I can't believe we have a full season under our belts. 

Wendy: I know. Remember when this was just a teeny tiny idea and we're like, “We should have a podcast about being Cyber Fit,” and then we actually made it happen. I am so proud of us. 

James: I am too, for sure. 

Wendy: Now, I do have to tell you a quick story, James. I ran into a colleague recently. She told me about what apparently are your legendary banana mocha cupcakes. 

James: [laughs] Yeah, Wendy, it's funny. They pop up from time to time. They've made their way around the community, but they may be inching close to legendary, but might not be there quite yet. [crosstalk]

Wendy: We'll have to put that to the test and see. I'm impressed, and she is definitely a raving fan, so that's pretty cool. 

James: That's awesome. We'll definitely have to put it to the test when we get back-- 

Wendy: I'm waiting for my batch. So, James, I am waiting for my batch of banana mocha cupcakes. I'm just saying. 

James: They're coming your way. 

Wendy: All right. I love it. 

James: So, Wendy, as we're wrapping up Season One, I really wanted to ask you, what it's been like managing two different podcasts? We've leaned on you a lot over Season One and all the knowledge that you've brought to this project. So, what have you taken away? 

Wendy: I'll tell you a quick story, James. I wrote a post about the Bee Cyber Fit podcast, one of our episodes on LinkedIn. Jeremy, our CISO, mentioned to me that I actually referenced the Reinvention Rebels podcast, not the Bee Cyber Fit Podcast in my post, because, James, it can be confusing sometimes having two different podcasts. 

James: I can imagine all the juggling. 

Wendy: Right. It's a little bit of juggling between the two different things we're doing. I have to say that I love them both so much. They're totally different. Obviously, Reinvention Rebels is my personal podcast about amazing, fierce women. Bee Cyber Fit podcast is equally joyful, fun, informative, inspiring. I'll just say that I am having a ball. 

James: That's awesome. I mean, I've absolutely enjoyed all of our time that we've gotten to spend together as well. I'm glad that we were able to make this little dream happen. 

Wendy: We certainly did. That is a perfect time to tell all of you about our episode for today, the final episode of Season One. We've got another great episode for you. We're going to tell you about our buzzword of the day in just a moment. We also have several really cool highlights from 2022 about what was going on in this cyber world. Then we'll wrap up with a few calls to action. 

[music]

James: It's common in the news and media, so you've no doubt already heard about cryptocurrency. But do you know what it is? Do you know anything about it? Or are you a crypto expert? Whatever the case, cryptocurrency has become an embedded part of monetary exchange. Stay tuned for a quick look at what cryptocurrency is and the most important things we should know about it. 

Wendy: James, there were so many different headlines in the news in 2022 about cybercrime, online theft, hackers, you name it, many different ways people are trying to steal our money, our identity, something that is valuable to them that we want to protect. So, amazing listeners, we thought it would be fun if we shared some of the highlights from this year about some of the things that happened and talk a little bit about why some of those things happened and what we've learned from them. I'm going to start off with a couple of different incidents. 

The first one is something that I think you're all familiar with, which is Cash App. There are many different apps we can use to pay our friends, our family for different things Cash App, Venmo, etc. I use a couple different ones. This was actually about a Cash App data breach in April of 2022. 

Interestingly, James, this was initiated by a disgruntled employee. We know that there are lots of different reasons why there are breaches, but in this case, someone was upset about something and leaked all of this information. This individual had access to the company's data servers and harvested eight million different users’ personal information. Eight million people who use the Cash App, this individual accessed their information. Clearly, this particular individual had a big axe to grind with the organization. I think the only good news about this is that there were no account credentials stolen in the attack, and the individual was only able to steal a limited amount of identifiable information. That's a good thing, considering the situation. 

James: Yeah, I guess you can say it's like the lesser of two evils. What I do like about this story though, Wendy, is that it's a big brand. A lot of people know about it, and a lot of people use it, but I think you can also draw parallels to any business. Even here at Yale, the idea is that a disgruntled employee can get into our data, even our community data, depending on what they have access to and now potentially harvest or create a breach about the data here at the community. All because one employee had access to something and maybe their access wasn't restricted in a quick enough fashion or in a timely fashion. 

Wendy: Yeah, so there's all kinds of risks involved. Even without it being a big bad cybercriminal, it does show us just about the potential damage that can take place, as you mentioned. It is something that grabs my attention because, of course, you and I know we talk a lot about data security at the university and doing all that we can to protect this very important data. So, it really brings home that point.

The second story is about the Red Cross. It is about an attack that happened back in January. And in this case, it was perpetrated by a third-party contractor, and over 500,000 records were compromised. What is especially disconcerting, is that these records were classified as people that are considered to be highly vulnerable. They are people that are victims of war, they could be possible witnesses. Apparently, this information has been sold to international crime rings which sometimes targets these people. 

This really is disconcerting to me, James, because what it goes to show you how people target different types of information for lots of different reasons. But you can see how cybercriminals can use this information in ways that are very concerning, that can really hurt people, that has to do with their actual physical safety sometimes. That's alarming to read things like that. It's one thing to read about something that happens online with our credit cards, but we can get a new credit card. It's a whole other level when it comes to someone's personal safety. 

James: It definitely is. I agree. It makes this story a bit scarier. What's really interesting is I don't know that we always consider what type of data is being included in these systems and maybe even how we're being categorized. I don't know that I would have ever considered that there would be data in the Red Cross’s information that would identify somebody as a potential criminal witness, and then that data would be able to be leveraged by these crime rings or these criminal organizations that might be looking for these people. It's kind of terrifying. 

Wendy: It really is. I think that part of it is from our perspective in the US, we might perceive the Red Cross in a certain way. I mean, the Red Cross is a humanitarian organization that helps people in countries around the world, but we often might think of in the US, they facilitate blood drives and they help with disaster recovery, when there's a hurricane or some kind of natural disaster. They also have this much bigger global mission that extends beyond some of the things that we might typically think that they do. That for me is very eye-opening. 

James: Absolutely.

[theme music]

James: Wendy, those are both really great stories. I have a couple that I wanted to share with our listeners as well. The top headline that really stood out for me was actually a breach on Microsoft. It happened in March and the breach was perpetrated by a criminal group and they accessed the Microsoft Azure server and stole some source code. The group even went on to post some screenshots proving that they'd hacked Microsoft and they claimed that they had also compromised Cortana, Bing and some other Microsoft products. 

So, it was obviously some big news. Microsoft was concerned, they had a very well-thought-out response. And ultimately, they said that only one account was compromised and thankfully no customer data had been stolen. What I really found interesting about this story was that there were theories that the attack was actually intended to damage Microsoft's reputation rather than for the cybercriminals to gain a financial reward. 

Wendy: That's interesting because I know that we often think about it is about the finances or leveraging this information they've stolen for their own profit in some way on the black market, etc. I think that's really interesting to hear about the reputational risks that some organizations may encounter. 

James: Right. Here at Yale, when we think about the risk of our data and the risk of our systems, a big part of that thought process is, what is the reputational risk of the data that we're working with to Yale. It just really stood out to me as an interesting story for 2022. 

My second story is about the data breach of Crypto.com back in January. For anyone who doesn't know, Crypto.com is an online app and it's a platform for trading cryptocurrency. In the case of this particular attack, about 500 cryptocurrency wallets were targeted and, in order to access the accounts, the cybercriminals actually bypassed their multifactor authentication. 

Once they got in, they managed to steal over $30 million in cryptocurrency and 18 million of that was from the commonly known Bitcoin and 15 million was from the cryptocurrency Ethereum. What I also really liked about this story was that the company was forced to reimburse the attacked accounts, which as we've said in previous episodes, Wendy, it's not always the case that people get their money back, and especially with cryptocurrency because it is such an anonymous currency. 

Wendy: Yeah. I don't even understand how they did that, considering the anonymity of it. I'm glad to hear that because I'm sure that was reassuring for people that were impacted, because it is the worst feeling to lose anything. No matter how much, but when it's a significant amount of money that you have lost, in whatever way it happens, it's devastating. 

James: Absolutely. This is a big chunk of money. I mean it's $30 million from only 500 accounts, so that is a pretty large chunk of your portfolio that's just been harvested right away. I'm glad to see that the company did reimburse the accounts, even if it wasn't necessarily of their own volition. 

Wendy: Yeah, absolutely. I just want to say, what are we doing wrong, James, that we don't have anything, like, remotely like that? Hello. [laughs]

James: Oh, my gosh. Well, once the podcast money starts rolling in.

Wendy: Right. Yes. Okay. 

[laughter] 

We're going to go with that. You are so right. One day. [chuckles] It does really show us that there are many different ways that cybercriminals target groups, organizations, individuals, for all kinds of reasons. I think it's helpful to share these stories, James, to remind all of us that there's such a breadth of cybercriminals and their tactics. 

[theme music]

James: Here's the buzz on cryptocurrency or crypto. Simply put, cryptocurrency is digital or virtual currency. Units of cryptocurrency are usually created through a computational cryptographic process called mining. To record transactions, cryptocurrency uses what's known as a blockchain, instead of relying on governments or banks. A blockchain is a public ledger that's stored across multiple locations. It records transactions in blocks that are then linked together in a chain. 

Now widely accessible, cryptocurrency can be purchased through websites, apps, and cryptocurrency exchanges. Maybe you've even seen a cryptocurrency ATM, and because it exists virtually when you own cryptocurrency, you don't own anything tangible. Instead, you have a security key that's stored in a digital wallet. While many people invest in cryptocurrency, it can also be used to buy regular goods and services. Bitcoin is the first and most well-known cryptocurrency, and it was intended for everything from buying groceries or a cup of coffee to buying automobiles and real estate. Because cryptocurrency isn't backed by government or financial institutions, there's few, if any, consumer protections if it's lost to a scam. Here are a few tips to help keep you safe when dealing with cryptocurrency. 

  • Do your homework before buying, selling or investing. As with many things, it's best to know all the details and read the fine print before committing. 
  • Never purchase goods or services from anywhere or anyone who insists on payment by cryptocurrency. Legitimate retailers will typically accept multiple forms of payment. 
  • Report cryptocurrency fraud and suspicious activity. Consider reporting to the Federal Trade Commission, the Internet Crime Complaint Center, and the exchange company from which you transferred the money. 
  • Keep listening to the Bee Cyber Fit podcast where we help you keep your personal information, your data, and your money where it's meant to be. 


Wendy: James, let's talk about Season One highlights. As we are wrapping up this episode, I have to ask you about your favorite episode this season. Of our seven prior episodes, which one would it be? 

James: So, Wendy, I have to admit that our last episode with Kerry Tomlinson is probably my favorite episode. So first off, Kerry was amazing. She just has a presence that I truly enjoyed and I was just thoroughly captured by everything that she was speaking about. To be fair, the topic of deepfakes is incredible. It's such a powerful technology and it can do such crazy things that really gets you thinking. Having her really break that down for us and provide us a deep dive into deepfakes was something I really enjoyed. 

Wendy: I did too. I completely agree with you. It was fascinating. I didn't know a lot about it, so I personally learned a lot. I feel like it was also very eye-opening for our audience. I think some people have heard of deepfakes and might have a vague idea about what they are. To really understand it more fully, to hear her examples, to see how cybercriminals put this into action, to figure out how we can build our own knowledge and get better at discerning what might be a deepfake, I think that was so valuable. 

James: Absolutely. And what about you? Did you have a favorite episode from Season One? 

Wendy: First of all, I have to say that is such a hard question because I loved all the episodes for really different reasons. One episode that does stand out for me was our episode about juice jacking and people stealing our data from USB charging stations. I really like that because I, again, thought it was eye-opening. So many people told me they'd never heard of it before, and it doesn't mean that it's happened to all of us. I feel like it was one of those things that was especially helpful because people are starting to travel more with the pandemic waning. People may find themselves in more situations where their phone is almost dead and they see a charging station and who doesn't want to power up and have more juice? I found that episode to be really fascinating and with information to help us avoid that. 

James: It was a really great episode. I'll admit, Wendy, I had a feeling that might be your favorite. You brought a lot of excitement to that story and I felt like it really hit a note with you. I will say that I was at the mall a week or two ago and they had a whole area set up as a charging station, but I was pleasantly surprised to see that it was all electrical outlets and no USB ports. 

Wendy: I like that. That's great. That's encouraging to hear that they are the appropriate type of charging stations where you can feel much more confident plugging in your phone with your own charger to power up your device. Much, much better. I just think that, James, even this little bit of information gets people thinking. Even if someone hasn't heard of something before, and they can expand their knowledge, and they can tell their kids, adult children, parents, the kind of people who might innocently go to the airport waiting for their flight, see a charging station, a USB charging station in the gate area, which thankfully, I have done before and plug in. They don't know what they don’t know. I appreciate that we're sharing some information that can enrich people's thinking. 

James: Absolutely. On the topic of surprising new things, I actually found something surprising over the course of Season One that I just had to mention. As a new up and coming recording artist, I had no idea before recording this podcast how much noise we are constantly surrounded by. I mean, cars driving by, my heat kicking on, my neighbors mowing their lawns, my chair creaking. [Wendy laughs] It's just ridiculous, and I've become so hypersensitive to it and how it's just constantly in the background. 

Wendy: We live in a noisy world, don't we? 

James: We really do. 

Wendy: Even when we think it's not so noisy, but you're right. It is amazing the things you become attuned to when you do something new and different that you haven't done before and had no reason to even notice these things, that all of a sudden, it's like, “Stop all that, stop traffic. I'm trying to record.” 

James: Exactly. I have to ask you, was there anything you were surprised about over the course of Season One? 

Wendy: All right, James, listen, I know you said one thing, but I have to tell you two because the first one is about Jeremy, our CISO, it was totally surprising, but I guess probably shouldn't because he's very outgoing that he's done stand up. That was such a fun fact to uncover in episode three. 

James: That was a surprise for me, too, about both of you. I think one of the most interesting facts I learned this season as well. 

Wendy: Right. I don't know that I'll go back to a stand-up career because it was short-lived, but I can at least say I did it. I crossed it off my bucket list. I know the terror of standing in front of people hoping you're funny and that you don't totally bomb. [laughs] It's a growth experience, let's put it that way. The other thing I found surprising, and I probably shouldn't, but I really did, after already having one podcast and starting a second podcast. I really thought with this new podcast, it wouldn't take as long to produce. And I was totally wrong. James, you know it takes a lot of time to create a podcast. You pour your heart and soul into it. You have to be creative. You have to be quiet. You have to think on your feet. You have to try to find a quiet space. You have to constantly be thinking of new ideas to keep the audience engaged. 

So many different things that go into producing a good podcast. I think I was surprised because I thought it would be a little smoother sailing. This is a totally new topic for me as opposed to my other podcast. There's always going to be a learning curve no matter what you're talking about. And that's been surprising, but also awesome. 

James: Well, Wendy, I will say, I love the fact that one of our goals here is to help our listeners learn about cybersecurity, but we also get to learn along the way as well. 

Wendy: Yeah, one of the things that I think is so cool, James, one of our listeners wrote to us and told us a story about a recent episode. We did the episode on online shopping, holiday online shopping, and tips to protect oneself. This person told us about how they shared the episode with their daughter. Her daughter listened, heard the story about being really careful when you're sharing links with other people, making sure that they're legitimate sites. It made her very mindful because she was sharing a list with her grandfather who isn't as cyber-savvy. I liked that immediately, our listener put it into action, shared it with someone else and her family that had the ability to impact yet another person. I was like, "Our work is done." That is our whole goal is to make cybersecurity-- our whole goal is to make this podcast something that everyone can listen to and benefit from. That was such a great example of that. I was so happy when she shared that. 

James: That is pretty incredible. 

Wendy: So, it's been an amazing season. I am just so thrilled that I got to do this with you. It's been just a joy, besides all the hard work. It has been so much fun and I have loved getting to do this with you.

[theme music]

Wendy: It is time for a few calls to action, remembering that we'll be on a little bit of hiatus before Season Two starts and we want you to keep building your cyber muscles. Here are a couple of things you can do. 

First, we want to encourage you to read our winter edition of the Bee Cyber Fit newsletter. There's all kinds of great information in there to keep you safe online. And, of course, your families too. There's a link to it in the show notes. Two, we want to encourage you to sign up for our Bee Cyber Fit monthly tip. The second Wednesday of every month, we share a tip to help keep you safe online. We'll be back with a new tip in January. Sign up using the link in the show notes. 

[music]

James: Well, that's all we've got for Season One. For anyone who hasn't already, be sure to sign up for our podcast episode alerts, so you can get the buzz on Season Two. Until next season, I'll be here with Wendy Battles. And I'm James Tucciarone. We'd like to thank everyone who helps make this podcast possible. We'd like to also thank Yale University where it was produced and recorded. 

Wendy: We're so grateful for you listening to the Bee Cyber Fit podcast. We hope you enjoyed Season One. We can't wait to see you back here again for Season Two. Remember, it only takes simple steps to Bee Cyber Fit.

[Transcript provided by SpeechDocs Podcast Transcription] 
