ThinkTech Hawaii, civil engagement lives here. Welcome back to the Cyber Underground this week. I'm Dave Stevens, your host, and we're going to go over some stuff that's going to scare you out of your mind, as usual. But first, let's introduce my guest. Guest co-host Tom Moore, adjunct faculty at Kapiolani Community College. Hello, Tom. Thanks so much for having me. Thanks for coming back. I know you kick your own butt to do research on these topics, and today we got kind of caught by surprise the last couple of days. The Russians have invaded. They just got caught invading. Hey, that's a good way to put it. It's not like Red Dawn. People think, ah, the Russians attacked, and there's parachutes in the sky, and they've taken over, and that's not true. They kind of crawled in like rats without us knowing the rats are in the walls. And now we're noticing them in great volume in the nuclear plants, power plants, water treatment plants, and water facilities, and water direction facilities, and pumping stations, and other energy sector industries. And it's strange that we just now awoke. But I think this administration has known about this for quite some time. Well, you know, we're the White Hats, and then there's the Black Hats, and there are Gray Hats someplace. But my guess is that we've more or less known about this kind of thing for a long time, because this kind of thing has been going on for a long time. We know that partially because we've been doing it. They're not the only people in the biz. What? No, we should be. We do this? Yes, and the Israelis do it, and lots of other people, all the countries that start with C, are doing it or wish they could. We don't do this. So somebody in the healthy business decided maybe we should let the public in on this, let the geeks know that this is happening, because it's some sort of tripping point, some sort of critical mass. But this is not brand new news. It's just this week's burp. 
Well, let me go to Camera 3 for a second right here. And I'd just like to shout out to our President of the United States, President Trump. We would not be talking about this right now if you were not such an absolute moron and could do your job, even as well as your daughter could do your job. Please step aside and let someone qualified be president because you, sir, have colluded with the Russians, taken their money, and you're playing with fire, and you're going to kill the rest of us. So get out. Okay, back to the show. Yes, meanwhile, back on the front. This is why we're talking about Russia, because Russia's been a problem since they, we think they hassled with our elections. They messed with them and maybe not pushed Trump into office, but certainly they disrupted the process and they made us not have faith in our elections. And if indeed they did mess with the elections, that tells me that my vote no longer matters. It's all up to some computer or some nation state that has the resources to direct what my vote is going to be. I don't know I have a vote anymore. I can't put the people in office that I want, and that's a huge problem. But now, since then, our president, Mr. Idiot Trump, has ignored the problem, and now we're having to talk about it now on the show because now we're seeing all this malware that Russia's implanted secretly on our energy sector services that's trying to phone home. Now let's go over some of the command and control of these viruses. So malware, what they do is they get you to click on an email. Let's go over phishing first. This is usually how it comes in because we have great network defenses. Our firewalls are up. And the best way to get around all the security is to get some unsuspecting person, like our idiot president, Trump, to click on a link and that activates a virus and implants some software. And it doesn't actually do anything wrong at that time. It just sits there, lays in wait and phones home. 
Well, it does something wrong. It just doesn't, it's just not obvious that it's wrong. It's not obvious. It's not going to change your screen. It turns up upside down. Right? It's not going to turn on Fox News. That's the only station our idiot president listens to. It's not going to do that. What it will do is it'll sit and wait for a connection to a server on the internet somewhere that's controlled by a bad player, like Russia. This is a bad actor. And they call these command and control servers. So they will sit there and wait for a message from an implanted piece of software so they can do things like exfil data or take control of the network or a piece of equipment on the network. Now what makes this incredibly challenging this time is that this has to do with two things I don't think anybody's really been looking for outside of the DOD. So this deals with smaller vendors that supply the DOD with products. And it also deals with energy sector services that have something called industrial control systems. System control and data acquisitions, data controls, PLCs, primary logic circuits. These are things that control stepper motors, water valves, heat and temperature sensors. And all the things that make these hydraulics and motors and functioning pieces work in an industrial facility like a nuclear power plant, like an electric grid. These are the things. We try to protect these by putting in an air gap. You want to tell us what an air gap is? Well, this is not an air gap and this is. That's a great demonstration. So the network that controls the device should be physically separate from the network that's connected to the internet. So what could possibly go wrong? So you need to update those systems every once in a while and usually someone walks in a flash drive. That they found on the parking lot. Oh, this one looks interesting. This is 32 gigs. I know. It's free. What could possibly go wrong? And it says I won a prize. 
Yes, and we won't stick it into a computer that it might mess up. We'll just stick it into this turbine. You know, it's even when you think you're safe and you have a flash drive that you know is good. No. Like an unloaded gun. Yeah. You know it's not loaded. Right. So you stick that flash drive into the computer system on the internet and you download the updates for that control system. That piece of SCADA hardware, that human machine interface device. You download that update and then you unplug it and walk it physically into the control room of the industrial control systems. That's called sneaker net. Right. Of course. And you plug it in to do the updates. By the way, it's based on footwear. The sneakers to which it is being alluded are footwear. Some of the people might not know. Thank you. That's kind of jargon. You geeks take it all for granted that people know this technical jargon. Thank you. Sneakers. Yes. Well, that's why we have two of us. Sneaker net. You walk it in and you put it in the industrial control system and you run the update. Problem is, when you were getting the update on your other network, that computer system you were plugged into is most likely compromised. That's what we're finding out now. At least possibly compromised. It's more than likely now if you're in the energy sector. You've been compromised. You've just walked in a virus, another piece of malware, into your industrial control systems. This is how Stuxnet worked. I remember that. Stuxnet took down an Iranian nuclear plant by putting in a command to make the stepper motors, the things that turn the turbines. Go too fast. Go too fast. And then... Smells expensive. Some of this we talked about last week. And they melted. So now we're at the point where this could happen to us. So that malware is probably sitting on our industrial control systems waiting for some kind of a command. 
And it could be anything from another update or a certain increase of speed or switch to another network or some kind of change. It's waiting for a command so it can activate and destroy something or phone home. If it's not air-gapped, it can phone home, of course. So this could be as simple as an EMP blast at a certain frequency and it recognizes it and trips software into a certain state. EMP, electromagnetic pulse. Just so our audience knows. I'm trying to keep up. Yeah, yeah. Well, I'm a geek. But many of them are geeks, too. So this is one of the problems. The other thing is these aren't Department of Defense. This is not US government. What we're finding out is this malware is on supply chain. So I'm a small vendor. I might supply electricity to another vendor or a base or a DOD facility. And I have been compromised. And pray tell. Little guy, small vendor, how did you get selected? Lowest bidder. Always the lowest bidder. I'm afraid. I'm sorry. It's a very complicated process if you go through bidding out a contract and then you've got to know somebody because that's also the way it goes. You've got a low price and you've got to know somebody usually with four stars on their sleeve. And then that person goes to work for Trump. But only for a little while. Or possibly the local Haima office. So you get the contract, you supply the DOD with something, and your connection to them is what the bad actors want. Because now, say you have some kind of way to get into the DOD networks to report some data every month. You have a secure connection. So if somebody compromises your network, they can get into the DOD's network over your secure connection, which is not setting off any alarms. No one's looking for it. No one is looking for them. So you can access that way. In addition, if I supply electricity to that base, well, the base has probably got some backup generators. Right. But they only work for a little while. 
So if I shut off the electricity and just wait, eventually that base is not going to have any power. It's going to make it harder for them to do things. Yeah, not impossible, but more difficult. And certain services are better with difficulties than others, as we know. Some services hardly ever have electricity at all. So they're pretty good with that. But this could damage the security of the nation. And if you take the power down, we don't have the capacity to serve people. We have very integrated systems now that depend on very close tolerances. If you had an old beater '43 Jeep, you could essentially run it through water and just leave it in the driveway. And it would start up, or you could get it running again. But if you have a Lamborghini, a 12-cylinder, you fly in the mechanic from Italy to work on it. Those tolerances are much closer. It's a lot pickier. And we used to have warehouses in our supply chains, you alluded to. No, we don't have warehouses now. We have just-in-time manufacturers. Yeah, JIT, just-in-time. That's right. There we go. The tolerances on everything are much closer. And so now, when things go wrong, it's a much bigger problem. It could slow things down and grind us to a halt in no time at all. As we get more and more sophisticated and more and more fine-tuned, we become more and more vulnerable. So now, what the DHS, Department of Homeland Security and the FBI have said, their direct quote, mind you, they said that Russia now has their finger on the button and can shut us down. Let's just ponder that thought for a moment, shall we? Been there done that. That's mutually assured destruction. I don't think we have our finger on their button. Well, you're not supposed to think that. I'm counting on it. Well, mutually assured is still destruction. Yeah. It doesn't make me feel good. There's no warm fuzzy here. It's better than not mutually assured destruction. I don't know. I'm still dead. 
Well, you're inconvenienced in the case of a power outage or a utility failure. Now, here's one of the big things, though. Water. The easiest way to destroy any kind of civilization, take away the water. Just put a few drops of something naughty in it. Now, that would be terrible, like poisoning water. I don't know about that. Of course, water isn't beyond poisoning. I think we've found that out this week also with the poisoning of several people in London that Russia said, no, we have nothing to do with this. Because they denied it, it must be true, because they denied it on the Internet. That's right. Don't they have a Twitter account? Probably. Because our president does. The dumbest president ever in the history of the United States has a Twitter account, and they won't take it away from him. That's the responsibility of all the people walking around with Trump in his orbit that don't understand that you're letting him destroy the planet. Thank you so much. Back to our show. Back to our show. Yes. I'm not working for a sponsor. Not that I have an opinion on anything. No, no. Completely objective on this point. It's definitely a complicated matter. People are not aware how vulnerable we are as a nation, as a community. We think it's just that these threats are individualized. We think that they apply to Amazon or where we buy our goodies and gadgets from. But it's much more systemic at this juncture. And we have less and less tolerance for it. Discuss the intolerance we have just in terms of the integration and fine tuning of our systems. But personality wise, just we aren't our grandparents or our grandparents' parents anymore. Let's talk about personality when we come back from the break. Until then, Mr. Chump, if you're watching, please come back and we're going to demonstrate how the companies and organizations that you don't control are compensating for your incompetence and how we're going to overcome this obstacle that you won't do anything about. 
So we'll be right back. Until then, stay safe. I'm Jay Fidell, ThinkTech. ThinkTech loves energy. I'm the host of Mina, Marco and Me, which is Mina Morita, former chair of the PUC, former legislator, and Energy Dynamics, a consulting organization in energy. Marco Mangelsdorf is the CEO of ProVision Solar in Hilo. Every two weeks, we talk about energy, everything about energy. Come around and watch us. We're on at noon and Mondays every two weeks on ThinkTech. Aloha. I'm Ethan Allen, host of Likeable Science on ThinkTech Hawaii. Every Friday afternoon at 2 p.m., I hope you'll join me for Likeable Science, where we'll dig into science, dig into the meat of science, dig into the joy and delight of science. We'll discover why science is indeed fun, why science is interesting, why people should care about science and care about the research that's being done out there. It's all great. It's all entertaining. It's all educational. So, I hope you'll join me for Likeable Science. Welcome back. And Mr. Trump, if you're watching, welcome back, sir. And we're now going to go into the part of the show where we tell you how we're going to compensate for you not doing your job and letting this country be in danger from a cyber attack, which you've been ignoring because you think it affects the legitimacy of your presidency, but we have news for you, sir. The elections have nothing to do with your legitimacy. You're moron that took away your legitimacy. Just so you know, those are the facts. Ask anybody around you. They're not going to tell you. You didn't watch somebody like me or Mr. Colbert on CBS every night, which I love. He just tears you apart, Mr. Trump. You're a complete diss. Now, let's get back to our show. We're having a tech moment now. Tom, you're going to share something about artificial intelligence with us. Yeah, it just was announced by Microsoft on this past Wednesday that they announced, with regard to Chinese to English translation. 
They've come up with a technology, a service, a facility, mechanism, device that can actually translate from Chinese to English. This is written Chinese as well as, they're not claiming better than, but as well as an individual can. And some people are going, well, hey, my Siri can do that. Hey, well, what the heck, Google Translate can do that. No, no, this is at a slightly different level. This is at the professional level. This is at good enough for court. And it's a very big deal, not only because it's very practical, and that's a great big market that we may want to do business with, either as individuals or companies or governments. But what it portends is capabilities, machine capabilities that are accelerating faster than the experts had anticipated them to accelerate. It kind of blows away Moore's law. Yes. Moore's law was generally, you're supposed to double speed and storage capacity and process it. And half the price. Yeah, as every couple of years, every 18 months I think it was. And now we've just completely annihilated that. Exactly. We're on this asymptotic launch path that just takes us, that's a really steep curve by the asymptotic. Yeah. I kind of define. Steeper at a steeper rate. This is amazing to me because when I did some projects in China, I learned that because Western culture, they teach us nothing of Eastern culture when we're in school, especially public school, which I went to. So when I got to China, I actually learned some things about the people in the East and it was really fascinating that there's traditional Chinese and simplified Chinese out there. And we've used the Chinese characters, the symbols, the traditional. You can have, I think there's 20,000 of these characters because you can go into minutiae of emotions and feelings and color and just this really granular level of science. And poets will use these, scholars will use these, but most people use the simplified Chinese characters. 
So if you can translate traditional Chinese into English, that's amazing because I don't think the English language has the capacity to go into that kind of a granular description of something as traditional Chinese. Of course, we've only had English for what, 350 years, I think. But traditional Chinese, I believe is a little older. I think so. Just my guess, it might be just a smidge older than that. Chopsticks are older than forks. Take it and leave it. Yeah. I think they were around when we colonized the U.S. Yeah. Probably so. Yeah. I'm not positive. Not necessarily in the U.S. Somebody call in and tell us, let's put the number on the screen, it's 808-374-2014. If you can tell me how old the Chinese culture is, I think it's about 6,000 years. Yeah. Or you can call in and tell us that you have chopsticks. That would be the other thing. Good enough. Sure. This is amazing stuff. The translation, Google Translate, it's been out for about five years, I think. And it's pretty cool. And it's pretty darn good. And I know, because I've had to use it, when I lived in California, of course, the Spanish was pretty much my first language. And then I came out here and nobody spoke. So now I've forgotten most of it. Thank God Google Translate. Is this the men's room? Oh, good. It's over here. I'm so glad we figured this out. What's your favorite line? Dónde está la biblioteca. In La Playa? In La Biblioteca? I can't remember any of my Chinese, something like, oh, I had to answer the phone. Why? You know, that's about it. Don't you? Oh, okay. Thank you. You know more. That's very good. Is that Mandarin or Cantonese? Probably one or the other. So I would guess Mandarin. That's the formal pleasant to listen to. 50-50 chance. I will take those guesses more often than not. Flip a coin. I got one of them. Yeah. Get chance. Okay, let's roll back into what we're talking about. 
There are organizations in the United States, both at the federal level and state level, that send out bulletins to people who sign up for them in the cyber sphere like us. Oh, like CERT? CERT. So the United States Computer Emergency Readiness Team, or US-CERT, sends out bulletins. We get these every day. Check out my acronym. Yeah, just a second. That's it. That's it. That's it. CERT. Yes. For those taking notes at home, just wanted to give them a chance to catch up. Right. And R stands for readiness, not response. I mix that up all the time. But it's an organization that sends you out warnings all the time. And they don't just say, hey, there's a virus, hey, there's malware. They say it's a virus, it's malware, it's a phishing attack, and this is what it affects. Yeah. And here's what you might be able to do about it. And here's what you can do about it. And the shocking thing is they put out industrial control systems and electronics all the time. It's a fact that the ratio is about five to one that I've seen, electronics to software. So software isn't the biggest attack vector anymore. The electronics are because engineers are just designing stuff to work well. That's right. Right? They wanted to resist the weather and lots of cycles. But they're not thinking about security. It's very rare that they think about security. Why should they? Accountants aren't making them think about security. It's a bean-counting thing. So the US-CERT sent out a bulletin about this Russian hacking about a day after we started monitoring it. This is on the 15th. This is yesterday. And they sent out a spreadsheet, which was great. The spreadsheet had IP addresses, the actual numerical addresses of machines on the Internet, and website names, domain names, the actual names like www.badguy.com or whatever that is. They have a list of these things that you can tell your firewall: do not allow traffic outside of your network in or out to these servers. 
These are command and control bad actors. Don't do this. It also included, and I like this, MD5 hashes of the malware that you can use to scan your systems currently. So let's review what a hash is. That hash is a mathematical algorithm. You send some data into it, and it comes out the other side as a specific number of bytes. MD5 would have 16 bytes. And it's just a hexadecimal representation of whatever data went into it. Now if I change even so much as one bit of the data that I'm putting into this MD5 algorithm, I'm going to get a different output. So that MD5 hash represents the exact signature of the bad malware that they know could be on your system. So if you put all these signatures, these MD5 hashes into your scanner, your IPS or IDS, then you could scan your system. And if one of those pieces of software has the same MD5 hash, that's a bad player, you need to get it off your network immediately. And if that was static, that would be just peachy keen wonderful. But unfortunately, it grows and grows and grows. We'll get a new list tomorrow. I hope US-CERT out there, you're doing a fantastic job. I love you, you're one of the best organizations out there working for us, the American citizens trying to defend this nation. And you're definitely not the idiot Mr. Trump who's imitating the president currently and who is the dumbest guy. You are so dumb, Mr. President, and I can't even find an equivalent for you. Back to the show. Yes, me as well. So we listened to the US-CERT, there's also InfraGard, have you signed up for InfraGard yet? No, I haven't. You haven't told me about it. So InfraGard is an association of civilian players and organizations in conjunction with the Federal Bureau of Investigation. So when you sign up, they make you give them your social security number? It's a little disconcerting. I got to tell you, I was a little bit taken aback. Could I give them your social security number instead? You could. 
They're probably going to say, are you sure you're Tom? Because you're coming up as Dave in our system and you don't look the same. I see. Your hair is different. I didn't know the IRS had my picture, but oh well. The IRS? No, this is InfraGard. This is the FBI. Remember the 60s? They have your picture. Okay. Yeah. We all know what the government does. We all know how they treat us. We all know the records they keep on every single one of us. I know, because all my information is currently on the dark web, thanks to the Office of Professional Management, OPM getting hacked. After I applied for security clearance, again, thank you, President Trump, for not defending our country, you big moron. Back to the show. Yes. I love how you've avoided those technical accidents, so up to now. Up to now. Up to now. I've been trying to be kind, but I just can't stand seeing the country that I wore a uniform to defend being taken advantage of by a foreign actor. This is Russia now. Canada does this to us all the time, and North Korea to access, too. But we have a president who is the Commander-in-Chief of the United States Armed Services, and he is absolutely sitting on his thumbs, both of them at the same time. Somewhere. Actuated. Yes. Yes. And again, Mr. Trump, thank you so much for being such an idiot. And get out the stool and let somebody else do the job, please. Thank you. Back to the show. Yes. Thank you for being my co-host and tolerating my behavior today. And let's talk a little bit more about what we can do to protect ourselves as just regular old civilians in this day and age. We used to take care to create, in the islands, a hurricane kit, right, food, water. Like, do you think now we have to create an anti-Trump mistake kit? I was thinking we could live by rivers. So we have a water supply and an escape route? Well, and hydroelectric power. Oh, yeah, yeah. If we just all lived by rivers and make sure that no one's upstream of us, I think that would be... 
Without a toilet. Yeah, with that... That would pretty much... That's how we could take care of ourselves. I mean, to a certain extent, we can operate somewhat more independently than most of us are prepared to. We can get a sun oven. We have a sun oven. That's how prepared we are. No, you have sun. I live on the island where there's no sun. My side is we just have rain, which is great because we always have water. Let's share. Perhaps we could live together. With our last 30 seconds, what do you think we should... What's the most important thing we should learn from today? Don't take your blessings for granted. That's true. Be prepared. Be prepared. All assumptions are false. This is especially true of obvious assumptions. It doesn't mean go out and start your citizenship or immigration papers with New Zealand. It just means... Finland, I'm sorry. Finland is actually winning. Oh, they're the happiest capital, but it's really freaking cold there. I don't think we would like it there much. It is. It is. But they have that saying there's no bad weather, just bad clothing, which is... I don't believe that. Yeah, I'd never heard of that saying. It's a lucky thing. Thanks for being on the show today. We got to wrap it up. We're out of time. This is a great show. We got to do this again. I like this idea. Let's just keep cutting up Trump and giving people warnings about cybersecurity. Are you with me? Well, we call the world for interesting news. Is that a yes? Yes. Okay. I'll do it again. I'll do it at least one more time. Join us next week, everybody. Ilomo will be back with more informative news and opinions about our current administration, which completely sucks. Until then, stay safe.